Friday, 14 July 2017

BMW and Microsoft work to create an even more productive ride with Skype for Business in new BMW 5 series


By Ulrich Homann, Distinguished Architect, Cloud + Enterprise
In today’s always-on culture, people need to be productive from anywhere – including their cars. Commute times are reaching record highs and people work from a variety of locations. This means that people need a way to capitalize on time spent in their cars. At Microsoft, we believe that cars should be more than just a ride, and also be a personal office on wheels, helping people be productive and giving them time back to enjoy their lives. Our partners at BMW share that philosophy and have positioned the company for a future where the nature of work is more mobile.
In 2016, Microsoft and BMW announced a partnership to build a platform called Open Mobility, which powers BMW Connected, BMW’s personalized mobility companion powered by the Microsoft Azure cloud. BMW and Microsoft took another step to help BMW drivers be even more efficient on the go. Following the launch of the new BMW 5 series in December 2016, BMW became one of the first auto manufacturers to commercially offer Office 365 communications and collaboration services through Microsoft Exchange to drivers who already rely on Office 365 at work and want to extend the services to their car.

Sunday, 9 July 2017

Petya ransomware prevention & detection in Azure Security Center

This blog post was authored by Tim Burrell, Principal Engineering Manager, Microsoft Threat Intelligence Center.
Microsoft Malware Protection Center (MMPC) published a blog post yesterday detailing a new ransomware infection that appears to have begun in Ukraine and spread from there to other places in Europe and beyond. MMPC analysis showed this to be a more sophisticated variant of Ransom:Win32/Petya and all free Microsoft antimalware products were updated with signatures for this threat, including Windows Defender Antivirus.
This post summarizes measures that Azure customers can take to prevent and detect this threat through Azure Security Center. See here for basic information on enabling Azure Security Center.


Azure Security Center scans virtual machines across an Azure subscription and makes a recommendation to deploy endpoint protection where an existing solution is not detected. This recommendation can be accessed via the Prevention section as shown below.
[Screenshot: Security Center - Overview]
Drilling into the Compute pane (or the overview recommendations pane) shows more detail, including the Endpoint Protection installation recommendation being discussed here:
Clicking on this leads to a dialog allowing selection and installation of an endpoint protection solution, including Microsoft’s own antimalware solution:
[Screenshots: Install Endpoint Protection; Select Endpoint Protection]
These recommendations and associated mitigation steps are available to Azure Security Center Free tier customers.


Azure Security Center customers who have opted into Standard-Tier can benefit from a new detection recently added to alert on specific indicators related to Petya ransomware running on an infected host - this is described in further detail below.
These alerts are accessed via the Detection pane highlighted below, and require the Azure Security Center Standard tier.
[Screenshot: Security Center]
An alert for Petya ransomware will show up as shown below:
[Screenshot: Detected Petya]
Drilling in provides more detail of the impacted VM and the suspicious process or command line that triggered the alert:
[Screenshot: Detected Petya ransomware indicators]
Note that although the detection alert relates to a specific host, this ransomware attempts to propagate to other nearby machines, so it is important to apply remediation steps on all hosts on the network, not just the host identified in the alert.
Please follow the remediation steps indicated in the Alert or in the Microsoft Malware Protection Center (MMPC) blog.

Monday, 27 March 2017

Azure Germany in CSP

Azure in Germany was launched in 2016, and if you’ve heard about it, you may already know that Azure in Germany is different from other Azure regions.
Azure in Germany is an isolated instance of Azure. It is not connected to other Azure regions, and its Azure Portal URL is different. I recommend reading this article to understand the high-level details of why Azure in Germany was built this way.
Unlike Azure in China, which is operated by 21Vianet and doesn’t even have an English version of the website, Azure in Germany is operated by Microsoft, but with local specifics:
  1. German Azure regions are isolated from other regions (Europe, US, Asia). The network between these datacenters is isolated and dedicated within Germany.
  2. Support for Azure Germany comes from EU-based support staff. The German data trustee supervises all support that requires platform access.
  3. Customer data remains in Germany under the control of T-Systems International GmbH, a subsidiary of Deutsche Telekom, acting as the German data trustee. Microsoft does not have access to customer data or the datacenters without approval from and supervision by the German data trustee.
  4. Originally these regions were available only to customers with a business address in Germany. Recently this was extended to any customer with a business address in the EU/EFTA.
  5. Azure Germany is deployed in 2 regions – Germany Central (Frankfurt) and Germany Northeast (Magdeburg, not far from Berlin). The Germany Central region is bigger and has more Azure services deployed. The price for Azure services in these two regions is pretty much the same, and it is a little higher than in the Global Azure regions in Europe (West Europe, North Europe).
  6. Azure in Germany has its own Azure Portal ( and its own tenants (*
  7. You need to specify that you want to connect to Azure Germany in PowerShell or the CLI. For example, in PowerShell: Login-AzureRmAccount -EnvironmentName AzureGermanCloud
How Azure in Germany is different from CSP perspective:
  1. To be able to sell German Azure to your customers in the EU/EFTA, you’ll need to get a separate Partner Center account by completing an additional enrollment. You will use a separate partner tenant to log in to Partner Center. Once authorized, you will be able to create customer accounts in any EU/EFTA country.
  2. Only partners with an EU/EFTA business address are allowed to enroll in the German Partner Center.
  3. Partner Center capabilities for German partner accounts are limited. Check here for details.
  4. All Azure services will be deployed in Germany (the same for Office 365). You can’t assign your customer a Global Azure subscription from German Partner Center account.
  5. German CSP services are billed in 6 local currencies – EUR, GBP, NOK, SEK, DKK, CHF.
  6. License-based Azure subscriptions (Azure AD, Azure MFA etc.) are not available. Only the usage-based Microsoft Azure Germany – CSP subscription is available.
  7. Not all Azure CSP services are available in Germany. Check here for details.
  8. Despite the fact that Azure Machine Learning is available in Azure Germany, it is not currently available in Azure CSP subscriptions.
  9. KeyVault in Azure Germany is not accessible through the Azure Portal, but it is accessible through PowerShell. There isn’t a sovereign Certificate Authority integrated into Azure Germany. You’ll need to create the CSR, get it signed by a CA of your choice, and then merge the signed certificate into KeyVault.
  10. Not all VM sizes are available. Check here for details.
  11. Azure ADs in Global Azure and in Azure Germany are fully isolated from each other. If the on-premises AD of a German customer is already integrated with Global Azure AD (using Azure AD Connect or other tools), you won’t be able to integrate it with German Azure AD before dropping the old integration.
I think that Azure Germany is a great example of a public cloud that is truly aligned with local regulations. I recommend that all EU/EFTA CSP partners try it.
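The CSR-and-merge flow from item 9, combined with the sign-in from the earlier PowerShell item, as an added example that is not code from the original post. It uses the AzureRM.KeyVault cmdlets of the post's era (the later Az module renames them to the Az prefix); the vault name, certificate name, subject and file paths are hypothetical placeholders.

```powershell
# Added example. All names below are hypothetical placeholders, not values from the post.
$vaultName = 'contoso-de-vault'          # hypothetical Key Vault in Azure Germany
$certName  = 'web-frontend-tls'          # hypothetical certificate name
$subject   = 'CN=www.contoso.example'    # hypothetical subject
$csrPath   = Join-Path $PWD "$certName.csr"   # CSR to hand to the CA
$signedCer = Join-Path $PWD "$certName.cer"   # signed certificate returned by the CA

# 1. Sign in against the isolated German cloud, not the global Azure endpoints.
Login-AzureRmAccount -EnvironmentName AzureGermanCloud | Out-Null

# 2. Create a pending certificate. IssuerName 'Unknown' tells Key Vault that an
#    external CA will sign it. The key pair is generated inside the vault, so
#    only the CSR (public key plus subject) ever leaves it.
$policy = New-AzureKeyVaultCertificatePolicy -SubjectName $subject `
            -IssuerName Unknown -ValidityInMonths 12
$op = Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName `
            -CertificatePolicy $policy

# 3. The operation returns the CSR as bare base64. Wrap it in PEM markers so
#    the CA of your choice accepts it.
$pem = @(
    '-----BEGIN CERTIFICATE REQUEST-----'
    $op.CertificateSigningRequest
    '-----END CERTIFICATE REQUEST-----'
)
Set-Content -Path $csrPath -Value $pem -Encoding Ascii
Write-Output "CSR written to $csrPath"

# 4. Once the CA has returned the signed certificate, merge it. Importing under
#    the same name completes the pending request and binds the certificate to
#    the private key already held in the vault.
if (Test-Path $signedCer) {
    $cert = Import-AzureKeyVaultCertificate -VaultName $vaultName `
                -Name $certName -FilePath $signedCer
    Write-Output ("Merged {0}, thumbprint {1}, valid until {2:u}" -f `
        $cert.Name, $cert.Thumbprint, $cert.Certificate.NotAfter)
} else {
    Write-Output "Signed certificate not found at $signedCer; rerun after the CA responds."
}
```

Before merging, check that the CA issued the certificate for the subject and public key in the CSR; a certificate for a different key cannot be bound to the pending request.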