If you’re reading this, the odds are good that at some point in your life you’ve seen a Disney movie of some sort. Many of these movies feature some sort of magic device, such as a magic mirror or a pool of water, that let the characters see things they otherwise couldn’t. Think of the wicked queen in Snow White chanting “Mirror, mirror, on the wall…” and you’ll get the idea. Microsoft offers something very similar in the form of the service health dashboard (SHD) in Office 365.
Topics: Office 365
Reddit, a popular online discussion site, has a running joke: people are often asked whether they would rather fight a horse-sized duck or 100 duck-sized horses. This question has surprising relevance to Office 365, because while Microsoft customers often worry about the threat of a widespread large outage (the horse-sized duck), they’re actually getting beat up by a larger number of smaller, less damaging but still annoying outages (the herd of duck-sized horses). There are a couple of deeper issues here that warrant a closer look to understand what the real risk is, and what you can do about it.
I just flew back from Microsoft Ignite, and boy are my arms tired. (Not really; I got to fly myself there and back.) It was a tremendous conference, with lots of announcements, product changes, attendee chatter, and various other happenings. I wanted to write a quick recap of some Ignite highlights, but first: a quick book review. (I promise it’s relevant.)
I hear you now: “Wait! You and Tony record new episodes quarterly! InCalifornia! Why are you posting a new episode already?”
Topics: Office 365
One of my favorite parts of being ENow’s CTO is bragging on the work our technical team does. I’m delighted to announce the latest GA release of the ENow Management System, 220.127.116.119. (Yes, that’s an odd version number—we purposely chose it in honor of Prince’s passing. Now we can, with a straight face, tell our customers to party like it’s 1999, as long as “party” means “upgrade” and “like it’s 1999” means “with our awesome new installer.”)
Hybrid environments are complicated. Microsoft has done tons of work over the years to try to simplify the hybrid experience—a huge task when you remember that hybrid Office 365 deployments can cover Active Directory, Exchange, SharePoint, and Skype, along with cloud-only services such as Office 365 Groups. Sometimes, despite the best efforts of the wizards of Redmond, running a hybrid deployment leads to situations that we call Hybrid Headaches… problems that on-prem-only environments won’t encounter but which can be incredibly frustrating obstacles in a hybrid environment.
On December 3, Microsoft had an outage that affected their Office 365 service for customers in most of Europe. More precisely, the outage was actually in Azure Active Directory.
On November 24th, this post on Reddit announced that Sony Pictures Entertainment (SPE) had been hacked by a group calling itself the Guardians of Peace (GOP). Since that time, a steady stream of claims, counterclaims, data from the breach, and reports about that data has occupied both mainstream and IT-focused media. There are lots of open questions about what happened, who exactly is responsible, and what the long-term impact of the breach will be for SPE. The more important questions to ask right now, though, revolve around how to ensure that you’re not the next high-profile organization to have its security woes splashed across the front page of the New York Times and CNN.
What we know
Examining what we know (or can assume with a high level of confidence) about the breach is a good place to start. The most comprehensive public analysis is probably the one posted by RiskBased Security, which has gathered a treasure trove of links to analysis and commentary. Different media outlets and security professionals have very different takes on the attack, from the outlets focused on the sensational aspects (who’s badmouthing who, how much SPE spent or made on individual projects) to those that instead focus on the mechanics of the attack and the possible legal consequences for SPE.
Here’s a brief summary of what we know, based on the materials that have been released by the attackers, research and commentary from security experts, and credible press reports: