Microsoft is looking to tempt disgruntled legacy G Suite users with a “special offer” that includes a 60% discount on year-long Microsoft 365 Business Basic, Business Standard, or Business Premium subscriptions.

Last month, Google announced that it would give those with free G Suite accounts until 1 July to upgrade their plans to a paid subscription, after which point they will lose access to most of its services. The move could be especially detrimental to small businesses that were able to save up to £13.80 per user per month by not paying for a G Suite, now known as Workspace, account.

Microsoft has seemingly decided to capitalise on Google’s decision, identifying a new group of potential customers who could be seeking a new email account provider, allowing them to also benefit from Microsoft Teams, cloud storage, as well as a suite of Office apps.

“If you’re a small business that’s relied on G Suite legacy free edition, we couldn’t help but notice you might be in the market for a new solution. We’ve got news for you: today, you can get a 60% discount on a 12-month Microsoft 365 Business Basic, Business Standard, or Business Premium subscription, along with the help you need to make the move,” Jared Spataro, corporate vice president for Microsoft 365, announced last week in a blog post.

Small businesses that decide to migrate their data from legacy G Suite to Microsoft 365 will be able to benefit from Microsoft’s Business Assist, which provides expertise and advice for those who are new to the service, ensuring that they make the most out of 365.

Google has since backtracked on its decision to shutter legacy accounts, adding a section to its support page that promises more options for people to keep the data stored in their accounts for free. Although the options won’t include premium features like custom email or multi-account management, this could potentially be subject to change “in the coming months”, the tech giant added. 

The company was not immediately available to comment when reached by CloudPro. 

Microsoft is looking to tempt disgruntled legacy G Suite users with a “special offer” that includes a 60% discount on year-long Microsoft 365 Business Basic, Business Standard, or Business Premium subscriptions.

Last month, Google announced that it would give those with free G Suite accounts until 1 July to upgrade their plans to a paid subscription, after which point they will lose access to most of its services. The move could be especially detrimental to small businesses that were able to save up to £13.80 per user per month by not paying for a G Suite, now known as Workspace, account.

Microsoft has seemingly decided to capitalise on Google’s decision, identifying a new group of potential customers who could be seeking a new email account provider, allowing them to also benefit from Microsoft Teams, cloud storage, as well as a suite of Office apps.

“If you’re a small business that’s relied on G Suite legacy free edition, we couldn’t help but notice you might be in the market for a new solution. We’ve got news for you: today, you can get a 60% discount on a 12-month Microsoft 365 Business Basic, Business Standard, or Business Premium subscription, along with the help you need to make the move,” Jared Spataro, corporate vice president for Microsoft 365, announced last week in a blog post.

Small businesses that decide to migrate their data from legacy G Suite to Microsoft 365 will be able to benefit from Microsoft’s Business Assist, which provides expertise and advice for those who are new to the service, ensuring that they make the most out of 365.

Google has since backtracked on its decision to shutter legacy accounts, adding a section to its support page that promises more options for people to keep the data stored in their accounts for free. Although the options won’t include premium features like custom email or multi-account management, this could potentially be subject to change “in the coming months”, the tech giant added. 

The company was not immediately available to comment when reached by CloudPro. 

Vodafone has announced that it has selected Oracle to provide cloud-native network policy management that will help it progress towards standalone (SA) 5G. 

The solution is comprised of Oracle’s 5G Core Policy Control Function (PCF) and Policy and Charging Rules Function (PCRF), which allows the deployment of complex network policies, including wireless, fixed, and cable, as well as Internet of Things (IoT) and machine-to-machine (M2M) networks. 

In Vodafone’s case, the solution will provide data on the basis of which Vodafone’s customers will be able to choose the best network offering for their needs. This will allow Vodafone to automate and scale to meet the expected growth in 5G subscribers and connected devices, allowing a seamless experience across 4G and 5G networks while also delivering a smooth integration of new 5G services – such as VR/AR, live-streaming, or IoT.

Oracle’s senior vice president and general manager of Networks, Andrew Morawski, said that intelligent policy management is the “entryway” to any new opportunities provided by 5G connectivity:

“Our 5G and cloud capabilities are helping Vodafone to build a future-proof network that is automated, easier to scale, simpler to operate, and more cost-effective,” he added.

Commenting on the news, Vodafone UK chief network officer Andrea Dona said that “moving to ‘cloud native’ is a culture shift as much as it is a technology shift for a techcomms company like Vodafone”. 

“Our partners must demonstrate flexibility and agility, as well as aligning to our vision of how technology will augment and support tomorrow’s digital society,” she added.

The news comes days after reports emerged of Virgin Media O2 calling off its Mobile Virtual Network Operator (MVNO) agreement with Vodafone.

Signed in 2019 and implemented only last year, the deal saw Vodafone replace BT in supplying wholesale mobile network services, including both voice and data, to Virgin Mobile and Virgin Media Business. It also provided Virgin Media with full access to Vodafone’s current services and future technologies, including its 5G network, and was set to last until 2026. However, the newly-merged Virgin Media O2 has reportedly informed its bondholders late last week that it has now cancelled the deal.

A spokesperson for Virgin Media O2 declined to comment on the reports.

Video conferencing and collaboration platform Zoom has released an update to its macOS client addressing a security issue whereby a Mac’s microphone remained enabled even after a meeting had ended.

Zoom users running the latest version of macOS Monterey had been concerned about the apparent privacy issues since December 2021, according to posts made on the official Zoom community support forums, first reported by The Register.

The issue in question involved the orange dot in the Mac’s Control Centre appearing, indicating that the device’s microphone was being used in an application. That app was revealed to be Zoom, which was open in the taskbar but not actively in a meeting.

Numerous replies to the original post echoed concerns regarding where the audio data was being sent, and that it wasn’t a single use case. 

One user appearing to represent Zoom support said the bug was known to Zoom and it was patched in the 5.9.3 version released on 24 January 2022. That said, IT Pro is still waiting to hear from Zoom officially.

The release notes accompanying version 5.9.3 made no explicit mention of the macOS bug, but earlier release notes for version 5.9.1 issued on 20 December 2021 indicated the big had been fixed, though no explanation as to why the bug presented itself, or what was done with recordings.

Numerous users also reported the bug persisting even after updating to version 5.9.1 and complaints persisted well into January 2022, long after even the 5.9.3 patch was released. IT Pro will update this story if Zoom provides clarity on the issues.

At the time, users commenting on the community support thread voiced their concerns around privacy, re-iterating their experience with Zoom’s privacy issues in years gone by. One user said: «This is [a] major privacy breach and I am considering dropping Zoom and asking my IT department to replace Zoom with a more secure option».

The incident prompted Apple to roll out a silent update removing the web server from all Mac machines which followed Zoom’s own update achieving the same purpose. Apple said at the time that no user intervention was required to enable the update but IT Pro’s testing, at the time, showed the issue persisted until the user rebooted their machine.

The company also settled a case with the Federal Trade Commission (FTC) in 2020 after the claims it made about the use of end-to-end encryption (E2EE) on its platform, which was used by governments and local authorities during the pandemic, turned out to be false.

Singapore’s Home Team Science and Technology agency (HTX) has chosen Microsoft to develop a sovereign cloud to accelerate its digital transformation.

HTX said the agreement will play a key role in helping domestic services, such as the police or civil defence force, to deliver improved safety and security to all citizens, residents, and visitors to the city-state.

The sovereign cloud will be built on Microsoft’s Azure platform and equip HTX with on-demand high-performance cloud computing and data storage resources. It hopes this will help the agency quickly adopt and create new technologies and reduce time-to-market in introducing new digital capabilities.

It added that it will provide home team officers on the ground with real time data to help them respond quicker to incidents and make decisions faster.

“This strategic partnership with Microsoft to develop a sovereign cloud here in Singapore will enable us to push the boundaries of innovation and be in the forefront of technology,” said Chan Tsan, CEO of HTX and deputy secretary of the Ministry of Home Affairs.

“This way, we will be well-poised to exponentially enhance the capabilities of the home team and to keep Singapore as the safest place on the planet.”

Microsoft will also provide additional training and educational opportunities as part of the agreement, including 600 training places along with exam certificates to be made annually to the organisation. It hopes that the training will advance the technical skills of cloud technology professionals in Singapore.

“We’re delivering a trusted sovereign cloud that adheres to and meets the needs of the Singapore government – one that will expedite their digital transformation efforts,” said Judson Althoff, executive vice president and chief commercial officer at Microsoft. “Our agreement will enable key technological advancements and provide access to data and insights to help drive change across various communities.»

Although Microsoft does have an Azure cloud region in Singapore, it remains unclear as to where the new sovereign cloud will be housed. Building data centres in the city is still restricted but the government is planning to lift the ban on their construction once new rules placing strict energy efficiency requirements on all new sites come into force.

A quarter (24.77%) of all spam emails sent in 2021 originated from Russia, with more than half (56%) of all emails being spam messages.

That’s according to Kaspersky’s latest Annual Spam and Phishing Report, which analysed close to 150 million malicious email attachments blocked by the cyber security provider’s antivirus over the course of last year.

​

Kaspersky identified 10 countries that were responsible for sending out more than three quarters of the world’s spam emails, with Russia and Germany (14.12%) being the most prolific senders.

The US and China came in third and fourth place, at 10.46% and 8.73% respectively. The Netherlands (4.75%) came in fifth place, followed by France (3.57%), Spain (3%) and Brazil (2.41%), Japan (2.36%), and Poland (1.66%).

When compared to 2020, Russia and China had the most significant rise in sent spam – a 3.5% and 2.5% increase, respectively.

Brazil-based users were most often targeted by phishing attacks, with 12.4% of 2021’s victims being based in the South American country, followed by French, Portuguese, and Mongolian users.

When it came to content, 2021’s spam emails mostly centred around popular topics including money and investment, Bond and Spider-Man movie premieres, and the pandemic, which Tatyana Shcherbakova, security expert at Kaspersky, described as “bread and butter for scammers”.

The most notable COVID-related scams included fictitious financial support schemes and fake COVID vaccination passes and QR codes, Kaspersky found.

“These scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem “too good to be true”,” she said, calling on people “to be cautious when it comes to trusting what’s in their email”.

“This approach may help them save their private data and money,” Shcherbakova added.

Kaspersky’s findings come weeks after Microsoft issued a warning about hackers targeting Microsoft 365 users with a fake app capable of stealing OAuth authentication tokens, providing them full access to the victim’s email, calendar, and contacts.

​

Microsoft has said its Teams app now uses 50% less power when running video calls and meetings, thanks to a range of performance improvements it has implemented since 2020. 

Microsoft Teams can be especially demanding for users of low-end devices that lack the adequate hardware processing capabilities of more expensive models, Microsoft said, especially with functions like meetings with multiple video streams or sharing one’s screen with a group.

​

Ongoing optimisations to the collaboration platform have improved the experiences for many business users and have led to reduced energy costs, Microsoft said, as it outlined the timeline of its optimisation releases over the past few years.

«One of the challenges brought on by the ubiquity of Teams is the need to create equitable experiences across an incredibly diverse Windows device ecosystem,» said Robert Aichner, principal group program manager at Microsoft.

«We’re committed to ensuring great calling and meeting experiences for users on low-end hardware as well as those on high-end workstations and high-resolution monitors. One of the factors we’ve addressed is the difference in power requirements for different customer profiles by ensuring Teams meetings are as energy-efficient as possible, regardless of setup.»

Microsoft measured the improvements by creating a testing framework that accounted for different energy-demanding scenarios, such as video meetings and screen sharing, to evaluate the critical processes associated with them to identify optimisation opportunities. Such processes included content capture, encoding, and rendering.

Credit

Microsoft

Over the course of 17 months, Microsoft made changes to these processes, starting with video capture optimisation in October 2020, involving a reduction in CPU load when the camera was enabled. This delivered the most significant performance increase, with a 27% drop in power consumption.

Specifically, Microsoft focused on camera optimisations that targeted reduced CPU load in meetings and reducing code complexity in areas such as auto-exposure, auto-white balance, and auto-aliasing.

This was followed by consolidating multiple screen elements for a single render process in February 2021, which brought an additional 14% decrease in power use. Incremental optimisations made over the following year delivered small improvements, slowly building to a peak performance improvement of 52%.

«Similar to our other performance improvement initiatives, these power consumption improvements are subjected to progressive testing to validate the intended benefits across customers and environments,» said Aichner. «Additionally, we evaluate each new planned Teams feature to ensure existing processing efficiencies are not compromised.

«So while we continue to launch innovative Teams features to help people connect and collaborate in new ways, we’re also dedicated to making sure these experiences are optimised for all users, regardless of their network and devices.»

​

Microsoft Teams is getting a new LinkedIn integration that will give users access to colleagues’ profiles on the professional social networking site. 

​

According to the company’s roadmap for Microsoft 365, users will be able to see their colleagues’ LinkedIn profiles when in a one-on-one chat. 

Microsoft added the feature to the road map last week, and it will enter general availability in March.

This addition follows enhancements to Microsoft Teams in public preview, including a compact chat option that lets users select a view displaying more chat messages and the ability to promote invitees to co-organizers.

Microsoft has been tying Teams more closely to its other products of late. It included tighter Teams integration with Windows 11 by displaying Teams contacts directly on the Windows taskbar for Teams personal users.

LinkedIn isn’t the only online service integrating with Teams. In November Microsoft also announced an integration deal with Meta’s rival Workplace collaboration service. This will enable the two services exchange content with each other so that Teams video will live stream directly into Workplace groups.

LinkedIn, which Microsoft acquired in 2016, has not always been happy with people accessing its data. hiQ Labs sued the professional social network, forcing it to allow access to its user-generated data. It won on appeal in 2019 but last year the Supreme Court vacated the decision, referring it once again to the ninth circuit court.

Microsoft is also planning some other feature enhancements for Office 365, including easy access to Teams files from its OneDrive storage service. This update, which will be available in April, will see the company add a ‘Your Teams’ section to OneDrive’s ‘More Places’ page.

​

Sophos is set to launch a new data centre in Mumbai in March, as well as one in São Paulo in May.

The cyber security company said the new data centres will help organisations in the regions meet strict data sovereignty laws and regulations. It said this is increasingly required for those in banking, government, and other tightly regulated market sectors.

The new data centres will expand Sophos’ existing base around the world in the US, Canada, Ireland, Germany, Japan, and Australia.

The data centres are also set to provide organisations with the ability to store, manage, and access data locally from Sophos Central, its cloud management platform.

Products and services with access to the new data centres will initially include Sophos Extended Detection and Response, Sophos Intercept X, Intercept X for Server, Sophos Encryption, and Sophos Managed Threat Response services. Its other offerings are planned to be introduced over time, although it didn’t specify when.

“The data centre in Mumbai would help Indian organisations accelerate digital transformation and cloud migration,” said Sunil Sharma, managing director of sales for India and SAARC at  Sophos.

“India is one of the important markets for us and we have heavily invested in the country. We already have a large base of our research and development in India, and the data centre would enable Sophos to further build its leadership presence in the region by providing local data sovereignty and security solutions.”

Sophos added it is also focused on Brazil, where its new data centre would serve as a resource for local organisations as well as Latin American and other international companies planning to do business there.

“Sophos is planning to answer a critical market need for data sovereignty solutions in Brazil, which has strict regulatory requirements,” said Oscar Chavez-Arrieta, vice president for Latin America.

“Sophos is experiencing tremendous demand and growth momentum in Brazil and across Latin America, and significant investments are planned to expand and comprehensively address regional data regulations, including the Brazilian General Data Protection Law (LGPD) and Complementary Standard NC-14 regulations.”

Cloud companies are increasingly expanding into India, with Google Cloud announcing in late January it would open a new office in the city of Pune. This comes after the company opened its second cloud region in the country in Delhi last July, hoping it would better support customers and the public sector in India and across Asia Pacific.

Microsoft has announced it will disable all Visual Basic Application (VBA) macros obtained from the internet in Office documents by default in a bid to tackle widespread exploitation of the method used for malware and ransomware delivery.

Cyber security experts have long called on Microsoft to change its approach to VBA macros and the move has been greeted positively by nearly all corners of the industry. The default setting will be applied to five Microsoft Office products – Word, Excel, Powerpoint, Visio, and Access – and will start rolling out to Windows users in April 2022 with the Version 2203 update via the Current Channel (preview).

​

The change will be available in other update channels at an unspecified later date, including in Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel. Office LTSC, Office 2021, Office 2019, Office 2016, and Office 2013 will also eventually all receive the update.

VBA macros are commonly used in Microsoft office products to automate repeat manual functions and are especially commonplace in industries like accounting and finance to expedite tasks in spreadsheets, for example. 

Cyber attackers are also commonly drawn to the feature to facilitate the launch of cyber attacks or distribute malware, a technique most commonly used in phishing attacks. A common scenario would see an attacker send a phishing email to an individual’s work account containing a seemingly innocuous Office document attached.   

Credit

Microsoft

Once the document is downloaded and opened, the user would be presented with a document with a notification in the toolbar providing the user to ‘enable content’ which would see the macro run and whatever malicious payload associated with it downloaded and installed.

Figures from Netskope’s January Cloud Threat Report revealed that the use of Microsoft Office documents related to malware downloads increased to 37% by the end of 2021, compared to 19% at the start of 2020.

«A wide range of threat actors continue to target our customers by sending documents and luring them into enabling malicious macro code,» said Tom Gallagher, partner group engineering manager at Office Security. «Usually, the malicious code is part of a document that originates from the internet (email attachment, link, internet download, etc.). Once enabled, the malicious code gains access to the identity, documents, and network of the person who enabled it.»

Microsoft is changing the default behaviour of macros in five Office applications so that users will no longer be able to enable them with one click of a mouse. Instead, users will now be presented with a button encouraging them to click and learn more about the potential impacts of enabling macros, and what malicious ones can achieve on a corporate network.

«The default is more secure and is expected to keep more users safe including home users and information workers in managed organisations,» Microsoft said.

Community reaction

The cyber security community has come out in droves to support the move from Microsoft, a move that some corners of the industry have requested for some time. As recently as the weekend, the topic resurfaced on social media with experts calling for a change in approach to macros. 

Malware campaigns launched through phishing attacks are typically the chief exploiters of VBA macros, such as the newly resurfaced Emotet campaign which relies on the method as a key entry point. Experts believe the move is expected to reduce the number of cyber attacks in businesses significantly. 

«The implications of turning Macros off by default is a huge win for security as it significantly reduces the potential victim scope of macro-based attacks for cybercriminals,» said Joseph Carson, chief security scientist at Delinea to IT Pro.

«In the past, we relied heavily on users to make security decisions on macros with a warning – this can potentially reduce the risks from curious employees who may just accept the warning and run the macro that could result in stolen credentials or a fully compromised machine. The issue lies in how quickly organisations can upgrade to this version as office upgrades can typically take a long time, though at least those who have moved to cloud solutions should benefit sooner.»

Other experts have said malicious macros account for «about 25% of all ransomware entry» – a figure they describe as «conservative» mostly related to larger ransomware organisations like the ones most recently targeted by international law enforcement.

Real-world applicability

Some corners of the industry have raised concerns about how easily it will be for businesses to enforce the new default rules for Office documents given the entrenched culture of macros use in certain industries.

Security experts have said certain users who rely on macros for significant areas of their job, such as accountants, will likely complain to IT departments asking for the default to be reverted back to the one-click functionality of before, despite the risks. 

Others disagree, saying the difference will only add a small layer of friction to normal processes. Magni Reynir Sigurðsson, senior manager of detection technologies at Cyren said: «this will not affect industries that rely on documents using macros, they will just have to take the extra step of enabling them file by file for specific files they do trust».

«For those industries that heavily rely on macros such as financial or accounting industries, the hope is that Microsoft will, at last, make it simple enough for individuals to turn it on for on-demand purposes on approved documents and scanned documents,» added Carson.

Administrator options

There are a number of policies available to system administrators who wish to enable the new macro settings in a custom way, one that’s suitable for their business. Such policies include:

• Blocking macros from running in Office files from the Internet – Microsoft recommends enabling this policy and the organisation will not be affected by the default change
• Opening files from a Trusted Location
• Opening files with digitally signed macros and providing the certificate to the user, who then installs it as a Trusted Publisher on their local machine

Credit

Microsoft

The image above outlines the evaluation flow for Office files with VBA macros and Mark of the Web (MOTW) – an attribute added to files by Windows when it is sourced from an untrusted location.

Administrators can read more about how the change impacts the environments in Microsoft’s dedicated article for Office admins. 

​