Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware, banking Trojan, and coin miner malware outbreaks.

But how does machine learning stack up against social engineering attacks?

Social engineering gives cybercriminals a way to get into systems and slip through defenses. Security investments, including the integration of advanced threat protection services in Windows, Office 365, and Enterprise Mobility + Security into Microsoft 365, have significantly raised the cost of attacks. The hardening of Windows 10 and Windows 10 in S mode, the advancement of browser security in Microsoft Edge, and the integrated stack of endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) further raise the bar in security. Attackers intent on overcoming these defenses to compromise devices are increasingly reliant on social engineering, banking on the susceptibility of users to open the gate to their devices.

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats may be delivered as email attachments, through drive-by web downloads, removable drives, browser exploits, etc. The most common non-PE threat file types are JavaScript and VBScript.

Figure 1. Ten most prevalent non-PE threat file types encountered by Windows Defender AV

Non-PE threats are typically used as intermediary downloaders designed to deliver more dangerous executable malware payloads. Due to their flexibility, non-PE files are also used in various stages of the attack chain, including lateral movement and establishing fileless persistence. Machine learning allows us to scale protection against these threats in real-time, often protecting the first victim (patient zero).

Catching social engineering campaigns big and small

In mid-May, a small-scale, targeted spam campaign started distributing spear phishing emails that spoofed a landscaping business in Calgary, Canada. The attack was observed targeting less than 100 machines, mostly located in Canada. The spear phishing emails asked target victims to review an attached PDF document.

When opened, the PDF document presents itself as a “secure document” that requires action – a very common social engineering technique used in enterprise phishing attacks. To view the supposed “secure document”, the target victim is instructed to click a link within the PDF, which opens a malicious website with a sign-in screen that asks for enterprise credentials.

Phished credentials can then be used for further attacks, including CEO fraud, additional spam campaigns, or remote access to the network for data theft or ransomware. Our machine learning blocked the PDF file as malware (Trojan:Script/Cloxer.A!cl) from the get-go, helping prevent the attack from succeeding. 

Figure 2. Phishing email campaign with PDF attachment

Beyond targeted credential phishing attacks, we commonly see large-scale malware campaigns that use emails with archive attachments containing malicious VBScript or JavaScript files. These emails typically masquerade as an outstanding invoice, package delivery, or parking ticket, and instruct targets of the attack to refer to the attachment for more details. If the target opens the archive and runs the script, the malware typically downloads and runs further threats like ransomware or coin miners.

Figure 3. Typical social engineering email campaign with an archive attachment containing a malicious script

Malware campaigns like these, whether limited and targeted or large-scale and random, occur frequently. Attackers go to great lengths to avoid detection by heavily obfuscating code and modifying their attack code for each spam wave. Traditional methods of manually writing signatures identifying patterns in malware cannot effectively stop these attacks. The power of machine learning is that it is scalable and can be powerful enough to detect noisy, massive campaigns, but also specific enough to detect targeted attacks with very few signals. This flexibility means that we can stop a wide range of modern attacks automatically at the onset.

Machine learning models zero in on non-executable file types

To fight social engineering attacks, we build and train specialized machine learning models that are designed for specific file types.

Building high-quality specialized models requires good features for describing each file. For each file type, the full contents of hundreds of thousands of files are analyzed using large-scale distributed computing. Using machine learning, the best features that describe the content of each file type are selected. These features are deployed to the Windows Defender AV client to assist in describing the content of each file to machine learning models.

In addition to these ML-learned features, the models leverage expert researcher-created features and other useful file metadata to describe content. Because these ML models are trained for specific file types, they can zone in on the metadata of these file types.

Figure 4. Specialized file type-specific client ML models are paired with heavier cloud ML models to classify and protect against malicious script files in real-time

When the Windows Defender AV client encounters an unknown file, lightweight local ML models search for suspicious characteristics in the file’s features. Metadata for suspicious files are sent to the cloud protection service, where an array of bigger ML classifiers evaluate the file in real-time.

In both the client and the cloud, specialized file-type ML classifiers add to generic ML models to create multiple layers of classifiers that detect a wide range of malicious behavior. In the backend, deep-learning neural network models identify malicious scripts based on their full file content and behavior during detonation in a controlled sandbox. If a file is determined malicious, it is not allowed to run, preventing infection at the onset.

File type-specific ML classifiers are part of metadata-based ML models in the Windows Defender AV cloud protection service, which can make a verdict on suspicious files within a fraction of a second.

Figure 5. Layered machine learning models in Windows Defender ATP

File type-specific ML classifiers are also leveraged by ensemble models that learn and combine results from the whole array of cloud classifiers. This produces a comprehensive cloud-based machine learning stack that can protect against script-based attacks, including zero-day malware and highly targeted attacks. For example, the targeted phishing attack in mid-May was caught by a specialized PDF client-side machine learning model, as well as several cloud-based machine learning models, protecting customers in real-time.

Microsoft 365 threat protection powered by artificial intelligence and data sharing

Social engineering attacks that use non-portable executable (PE) threats are pervasive in today’s threat landscape; the impact of combating these threats through machine learning is far-reaching.

Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.

In addition to antivirus, components of Windows Defender ATP’s interconnected security technologies defend against the multiple elements of social engineering attacks. Windows Defender SmartScreen in Microsoft Edge (also now available as a Google Chrome extension) blocks access to malicious URLs, such as those found in social engineering emails and documents. Network protection blocks malicious network communications, including those made by malicious scripts to download payloads. Attack surface reduction rules in Windows Defender Exploit Guard block Office-, script-, and email-based threats used in social engineering attacks. On the other hand, Windows Defender Application Control can block the installation of untrusted applications, including malware payloads of intermediary downloaders. These security solutions protect Windows 10 and Windows 10 in S mode from social engineering attacks.

Further, Windows Defender ATP endpoint detection and response (EDR) uses the power of machine learning and AMSI to unearth script-based attacks that “live off the land”. Windows Defender ATP allows security operations teams to detect and mitigate breaches and cyberattacks using advanced analytics and a rich detection library. With the April 2018 Update, automated investigation and advance hunting capabilities further enhance Windows Defender ATP. Sign up for a free trial.

Machine learning also powers Office 365 Advanced Threat Protection to detect non-PE attachments in social engineering spam campaigns that distribute malware or steal user credentials. This enhances the Office 365 ATP comprehensive and multi-layered solution to protect mailboxes, files, online storage, and applications against threats.

These and other technologies power Microsoft 365 threat protection to defend the modern workplace. In Windows 10 April 2018 Update, we enhanced signal sharing across advanced threat protection services in Windows, Office 365, and Enterprise Mobility + Security through the Microsoft Intelligent Security Graph. This integration enables these technologies to automatically update protection and detection and orchestrate remediation across Microsoft 365.

Gregory Ellison and Geoff McDonald
Windows Defender Research

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity and Facebook Windows Defender Security Intelligence.

With this week’s Computex show in Taipei and other recent events, processors are front and center in the tech news cycle. Intel made several announcements ranging from new Core processors to a cutting-edge technology for extending battery life. AMD, meanwhile, unveiled a second-gen, 32-core Threadripper CPU for high-end gaming and revealed some new Ryzen chips including some embedded friendly models.

Here’s a quick tour of major announcements from Intel and AMD, focusing on those processors of greatest interest to embedded Linux developers.

Intel’s latest 8th Gen CPUs

In April, Intel announced that mass production of its 10nm fabricated Cannon Lake generation of Core processors would be delayed until 2019, which led to more grumbling about Moore’s Law finally running its course. Yet, there were plenty of consolation prizes in Intel’s Computex showcase. Intel revealed two power-efficient, 14nm 8th Gen Core product families, as well as its first 5GHz designs.

The Whiskey Lake U-series and Amber Lake Y-series Core chips will arrive in more than 70 different laptop and 2-in-1 models starting this fall. The chips will bring “double digit performance gains” compared to 7th Gen Kaby Lake Core CPUs, said Intel. The new product families are more power efficient than the Coffee Lake chips that are now starting to arrive in products.

Both Whiskey Lake and Amber Lake will provide Intel’s higher performance gigabit WiFi ((Intel 9560 AC), which is also appearing on the new Gemini Lake Pentium Silver and Celeron SoCs, the follow-ups to the Apollo Lake generation. Gigabit WiFi is essentially Intel’s spin on 802.11ac with 2×2 MU-MIMO and 160MHz channels.

Intel’s Whiskey Lake is a continuation of the 7th and 8th Gen Skylake U-series processors, which have been popular on embedded equipment. Intel had few details, but Whiskey Lake will presumably offer the same, relatively low 15W TDPs. It’s also likely that like the Coffee Lake U-series chips it will be available in quad-core models as well as the dual-core only Kaby Lake and Skylake U-Series chips.

The Amber Lake Y-series chips will primarily target 2-in-1s. Like the dual-core Kaby Lake Y-Series chips, Amber Lake will offer 4.5W TDPs, reports PC World.

To celebrate Intel’s upcoming 50th anniversary, as well as the 40th anniversary of the first 8086 processor, Intel will launch a limited edition, 8th Gen Core i7-8086K CPU with a clock rate of 4GHz. The limited edition, 64-bit offering will be its first chip with 5GHz, single-core turbo boost speed, and the first 6-core, 12-thread processor with integrated graphics. Intel will be giving away 8,086 of the overclockable Core i7-8086K chips starting on June 7.

Intel also revealed plans to launch a new high-end Core X series with high core and thread counts by the end of the year. AnandTech predicts that this will use the Xeon-like Cascade Lake architecture. Later this year, it will announce new Core S-series models, which AnandTech projects will be octa-core Coffee Lake chips.

Intel also said that the first of its speedy Optane SSDs — an M.2 form-factor product called the 905P — is finally available. Due later this year is an Intel XMM 800 series modem that supports Sprint’s 5G cellular technology. Intel says 5G-enabled PCs will arrive in 2019.

Intel promises all day laptop battery life

In other news, Intel says it will soon launch an Intel Low Power Display Technology that will provide all-day battery life on laptops. Co-developers Sharp and Innolux are using the technology for a late-2018 launch of a 1W display panel that can cut LCD power consumption in half.

AMD keeps on ripping

At Computex, AMD unveiled a second generation Threadripper CPU with 32 cores and 64 threads. The high-end gaming processor will launch in the third quarter to go head to head with Intel’s unnamed 28-core monster. According to Engadget, the new Threadripper adopts the same 12nm Zen+ architecture used by its Ryzen chips.

AMD also said it was sampling a 7nm Vega Instinct GPU designed for graphics cards with 32GB of expensive HBM2 memory rather than GDDR5X or GDDR6. The Vega Instinct will offer 35 percent greater performance and twice the power efficiency of the current 14nm Vega GPUs. New rendering capabilities will help it compete with Nvidia’s CUDA enabled GPUs in ray tracing, says WCCFTech.

Some new Ryzen 2000-series processors recently showed up on an ASRock CPU chart that have the lowest power efficiency of the mainstream Ryzen chips. As detailed on AnandTech, the 2.8GHz, octa-core, 16-thread Ryzen 7 2700E and 3.4GHz/3.9GHz, hexa-core, 12-thread Ryzen 5 2600E each have 45W TDPs. This is higher than the 12-54W TDPs of its Ryzen Embedded V1000 SoCs, but lower than the 65W and up mainstream Ryzen chips. The new Ryzen-E models are aimed at SFF (small form factor) and fanless systems.

Join us at Open Source Summit + Embedded Linux Conference Europe in Edinburgh, UK on October 22-24, 2018, for 100+ sessions on Linux, Cloud, Containers, AI, Community, and more. 

With Windows Autopilot, our goal is to simplify deployment of new Windows 10 devices by eliminating the cost and complexity associated with creating, maintaining, and loading custom images. Windows Autopilot will revolutionize how new devices get deployed in your organization—now you can deliver new off-the-shelf Windows 10 devices directly to your users. With a few simple clicks, the device transforms itself into a fully business-ready state, dramatically reducing the time it takes for your users to get up and running with new devices.

Not only does Windows Autopilot significantly reduce the cost of deploying Windows 10 devices but also delivers an experience that’s magical for users and zero-touch for IT.

I’m excited to share that we are extending that zero-touch experience even further with several new capabilities available in preview with the Windows Insider Program today.

• Self-Deploying mode—Currently, the Windows Autopilot experience requires the user to select basic settings like Region, Language, and Keyboard, and also enter their credentials, in the Windows 10 out-of-the-box experience. With a new Windows Autopilot capability called “Self-Deploying mode,” we’re extending the zero-touch experience from IT to the user deploying the device. Power on* is all it takes to deploy a new Windows 10 device into a fully business-ready state—managed, secured, and ready for usage—no need for any user interaction. You can configure the device to self-deploy into a locked down kiosk, a digital signage, or a shared productivity device—all it takes is power on.*
• Windows Autopilot reset—This feature extends the zero-touch experience from deployment of new Windows 10 devices to reset scenarios where a device is being repurposed for a new user. We’re making it possible to completely reset and redeploy an Intune-managed Windows 10 device into a fully business-ready state without having to physically access the device. All you need to do is click a button in Intune!

Windows Insiders can test these features with the latest Windows 10 build and Microsoft Intune now.

I cannot wait to see the feedback from the Insider community! To see how this works, and several exciting updates to Windows Autopilot, check out this quick video:

 Source video.

You can head over to the Windows IT Pro blog right now for further details.

One final note: A big part of what we build is based on feedback from our customers. With this in mind, we also added several new Windows Autopilot capabilities into the Windows 10 April 2018 Update (version 1803) based on feedback, and these capabilities are also available today:

• Enrollment Status page—We received tons of feedback from Windows Autopilot customers who want the ability to hold the device in the out-of-box setup experience until the configured policies and apps have been provisioned to the device. This enables IT admins to be assured the device is configured into a fully business-ready state prior to users getting to the desktop. This is made possible with a capability called “Enrollment Status” and is available today with Windows 10 April 2018 Update (version 1803) and Microsoft Intune.
• Device vendor supply chain integration—We enabled Windows 10 OEMs and hardware vendors to integrate Windows Autopilot into their supply chain and fulfillment systems so that devices are registered in Windows Autopilot to your organization the moment your purchase is fulfilled. This makes the registration of Windows Autopilot devices completely hands-free and zero-touch for you as well as your device vendor/OEM. Contact your device reseller to find out if they are supporting Windows Autopilot.
• Automatic Windows Autopilot profile assignment—We integrated Azure Active Directory (AD) dynamic groups with Windows Autopilot and Microsoft Intune to deliver a zero-touch experience for Windows Autopilot profile assignments on all Windows Autopilot devices.

I said this in my prior post and I’ll say it again—Windows Autopilot is an absolute game changer. I urge you to spend some time learning more about it.

To learn more about how to use Windows Autopilot and Co-Management together, check out this quick video.

*Requires network connection and TPM2.0.

By Roger Fingas
Thursday, June 07, 2018, 09:21 am PT (12:21 pm ET)

Amazon on Thursday revealed the Fire TV Cube, its latest media streamer, poised to intensify competition with the Apple TV 4K.

The Cube effectively merges the existing Fire TV with an Echo speaker. Users can not only issue typical Alexa voice commands, but control video playback as well as compatible receivers, soundbars, and cable and satellite boxes. Some devices and services support voice-based search and/or channel-changing.

Some example commands range from “Alexa, turn on the TV” or “turn up the volume” to things like “play ‘This is Us’,” “open Netflix,” or “tune to CNN.” A physical remote is included as well.

People with Alexa-compatible security cameras can use the Cube to view live feeds.

On a technical level the Cube is little different from the Fire TV apart from its speaker and microphones, though storage is doubled to 16 gigabytes, and an Ethernet adapter is bundled rather than sold separately.

There are some limitations. Sleep timers won’t work until “later this year,” Amazon says, and there’s no timeline for when Bluetooth sync, multi-room music, and Alexa calling and messaging will be added.

On paper the product is largely on par with the Apple TV 4K, and offers some advantages, primarily the ability to talk to it without a remote or holding down a button. Like the Fire TV though, it continues to support only HDR10 for high dynamic range, whereas the Apple TV 4K offers that and Dolby Vision.

Both the Fire TV and Fire TV Cube offer Dolby Atmos surround sound. Apple has promised Atmos support for months, but will only implement it with this fall’s tvOS 12.

The Cube ships June 21, and can be pre-ordered for $119.99 by the general public, or $89.99 by Prime members.

There is a good chance that your web app uses a database. In my previous post introducing Azure App Service, I showed some of the benefits of hosting apps in Azure App Service, and how easy it is to get a basic site running in a few clicks. In this post I’ll show how to set up a SQL Azure database along with an App Service Web App from Visual Studio, and apply Entity Framework automatically as part of publish.

Let’s get going

To get started, you’ll first need:

• Visual Studio 2017 with the ASP.NET and web development workload installed (download now)
• An Azure account:
  
• Any ASP.NET or ASP.NET Core app that uses a SQL Database. For the purposes of this post, I’ll create a new ASP.NET Core app with Individual Authentication:
  
  • On the “New ASP.NET Core Web Application” dialog, click the “Change Authentication” button.
    
• Then select the “Individual User Accounts” radio button and click “OK”.
• Click OK.

I can now run my project locally (F5) and create user accounts which will be stored in a SQL Server Express Local DB on my machine.

Publishing to App Service with a Database

Let’s publish our application to Azure. To do this, I’ll right click my project in Solution Explorer and choose “Publish”

This brings up the Visual Studio publish target dialog, which will default to the Azure App Service pane with the “Create new” radio button selected. To continue click “Publish”.

This brings up the “Create App Service” dialog (see the “Key App Service Concepts” section of my previous post for an explanation of the fields). To create a SQL Database for our app to use, click the “Create a SQL Database” link in the top right section of the dialog.

This will bring up the “Configure SQL Database” dialog.

• Note: If you are using a Visual Studio Enterprise subscription, many regions will not let you create a SQL Azure database so I recommend choosing “East US” or “West US 2” depending on where you are located (we are adding logic in in the Visual Studio 2017 15.8 update to remove those regions if that’s the case, but for now you’ll need to choose an appropriate region). To do this, click the “New…” button next to your “Hosting Plan Dropdown” and pick the appropriate region (“East US” or “West US 2”).
• Since I don’t have an existing SQL Server, the first thing I need to do is create a server to host the database, so I’ll click the “New…” button next to the “SQL Server” dropdown,
• Choose a location for the database.
• Provide an administrator user name and password for the server
• Click “OK”
  
• Make sure the connection string name field matches the name of the connection string your application uses to access the database (if using a new project, it is “DefaultConnection” which will be prepopulated for you).
  
• Click OK
• Then click the “Create” button on the “Create App Service” dialog

It should take ~2-3 minutes to create all of the resources in Azure, then your application will publish and a browser will open to your home page.

Configuring EF Migrations

At this point there is a database for your app to use in the cloud, but EF migrations have not been applied, so any functionality that relies on the database (e.g. Registering for a user account) will result in an error.

To apply EF migrations to the database:

• Click the “Configure…” button on the publish summary page
  
• Navigate to the “Settings” tab
• When it finishes discovering data contexts, expand the “Entity Framework Migrations” section, and check the “Apply this migration on publish” for all of the contexts it finds
  
• Click “Save”
• Click Publish again, in the output window you should see “Generating Entity framework SQL Scripts” and then “Generating Entity framework SQL Scripts completed successfully”
  

That’s it, your web app and SQL Azure database are both configured and running in the cloud.

Conclusion

Hopefully, this post showed you how easy it is to try App Service and SQL Azure. We believe that for most people, App Service is the easiest place to get started with cloud development, even if you need to move to other services in the future for further capabilities (compare hosting options). As always, let us know if you run into any issues, or have any questions below or via Twitter.

By Joe Robinson 07 Jun 2018

It didn’t take long at all for Kubernetes to become a star in the open source arena, emerging as the standard way to containerize applications at scale. Kubernetes is ushering in “operations transformation” and helping organizations make the transition to cloud-native computing, said Craig McLuckie, co-founder and CEO of Heptio and a co-founder of Kubernetes at Google, in a recent  free webinar.  

However, Kubernetes, which was created at Google and donated to the Cloud Native Computing Foundation, is known to be complex and can create many maintenance and deployment challenges. To address that, new classes of community-created complementary and helper applications are helping to tame Kubernetes.

At the Helm

The Helm project is a case in point. The Cloud Native Computing Foundation recently voted to accept Helm as an incubation-level hosted project. Helm is a package manager that provides an easy way to find, share, and use software built for Kubernetes. It removes complexity from configuration and deployment, and enables greater developer productivity.

“Helm addresses a common user need of deploying applications to Kubernetes by making their configurations reusable,” said Brian Grant, Principal Engineer at Google, and Kubernetes SIG Architecture co-chair and Steering Committee member. “Both the Helm and Kubernetes projects have grown substantially. As Kubernetes shifts its focus to its own core in order to better manage this growth, CNCF is a great home for Helm to continue making it easier for developers and operators to streamline Kubernetes deployments.”

According to a recent Kubernetes Application Survey, 64 percent of the application developers, application operators, and ecosystem tool developers who answered the survey reported using Helm to manage apps on Kubernetes.

Ease of management

But Helm is hardly the only open tool helping to ease the burden of managing Kubernetes. Microsoft has open sourced Draft, a tool that streamlines application development and deployment into any Kubernetes cluster. “Using two simple commands, developers can now begin hacking on container-based applications without requiring Docker or even installing Kubernetes themselves,” notes Gabe Monroy, PM Lead for Containers at Microsoft. “You can customize Draft to streamline the development of any application or service that can run on Kubernetes.” See this process in action here.

Are you aware that your iOS or Android smartphone can play a role in demystifying and operating Kubernetes? Cabin lets Kubernetes administrators leverage a dashboard from their phones. It drives many of the processes and features that you’ll find in the complete Kubernetes dashboard, ranging from reading pod logs to working with web-based apps that Kubernetes hosts, to accessing Helm charts.

Red Hat, too, has been helping users streamline their Kubernetes implementations. Through its acquisition of San Francisco-based startup Codenvy, Red Hat is giving developers options for building out cloud-based integrated development environments, including working with Kubernetes and containers. Codenvy is built on the open source project Eclipse Che, which offers a cloud-based Integrated Developer Environment (IDE) and development environment. The OpenShift.io cloud-based container development service from Red Hat already integrates Codenvy’s Eclipse Che implementation.

Dashboards are proven as good tools for simplifying administration of many kinds of processes, and although Kubernetes has a basic dashboard, efficient community-created dashboards are emerging. Kube-ops-view is a popular one. It gives you optics across multiple Kubernetes clusters, with graphical representations across the board that allow you to monitor memory and CPU usage, and more.

Writing and maintaining application definitions is one of the more complex aspects of running Kubernetes, and Kedge is a popular open tool that offers a simplified approach. With Kedge, you can supply a Kubernetes definition in simple form and Kedge expands into a full and correct application definition. It basically lets you work with shortcuts.

The move toward containers shifts many types of dependencies pertaining to applications, and it shifts how applications are created. Kubernetes has proven to be an essential orchestration tool as these changes take place, and it is good to see open tools that can help streamline Kubernetes itself and make developing applications easier.

To learn more about Kubernetes, check out the sample course materialsfor Kubernetes Fundamentals (LFS258), an online, self-paced course developed by The Linux Foundation Training that gives a high-level overview of what Kubernetes is and the challenges it solves. Download a free sample chapter now.

Please join us at the 2018 ISTE Conference & Expo taking place June 24^th-27^th in Chicago, Illinois.

Register for ISTE 2018 here. If you won’t be at ISTE this year, don’t worry! You can tune into What’s New in EDU: Live from ISTE each day the week of ISTE. You can also tune in on Facebook Live for HacktheClassroom.

10 Happenings from Microsoft Education at ISTE (and online for those #NOTAtISTE):

1. See ALL things Microsoft Education on our ISTE page.

2. Visit the Booth: Microsoft Education in the Expo Hall at #1102. We have dozens of sessions and training opportunities planned to help teachers save time by showing them ways to keep classrooms organized, create lessons, give students personalized feedback and track grades.

In the Booth: Classroom, devices, demos

Explore. Drop by booth #1102 to attend our sessions and your get hands on our latest education devices. Plus, you can enter to win a Surface!*

In the Booth: Visit our STEM Experience in partnership with BBC Learning

Visit booth #1102 to see how you can build future-ready skills in your classroom with hands-on learning through educator-built lesson plans that align to both ISTE and NGSS standards. Take your students on an underwater global odyssey in Oceans: Our Blue Planet, a BBC Earth and OCEANX film that reveals extraordinary discoveries and untold stories of the oceans’ most astonishing creatures.

3. Join Edtech Influencers and change-makers, Steven Andersen and Shaelynn Farnsworth, at 1:00 PM CT on Tuesday in the Microsoft Booth for, “Differentiation: Meeting the Diverse Needs of Learners with Technology,” a Microsoft-exclusive session. You can find info on all the Microsoft sessions here.

4. Register for the Microsoft Innovative Educator (MIE) Academies:

Microsoft Innovative Educator (MIE) Teacher Academy

Bring your own device to this one-day training designed for K-12 classroom educators who want to learn more about Microsoft’s tools and resources. Saturday, June 23rd at 8:30 a.m. – 3:30 p.m. Register now.

Microsoft Innovative Educator (MIE) Trainer Academy

This two-day, in-depth training is exclusively for K-12 education teacher trainers responsible for delivering professional development training in their school districts. Saturday, June 23rd and Sunday, June 24th, 8:30 a.m. – 3:30 p.m. Register now.

5. Minecraft: Education Edition Training: Bring your Windows 10 device to this one-day training to learn how to use Minecraft in your classroom to promote creativity, collaboration, and problem-solving. Sunday, June 24th, 8:30 a.m. – 3:30 p.m. Register now.

6. Hands on Learning Lab | NEW! Play. Explore the latest technology through an immersive experience in Convention Center Room 185A. Enter a drawing sweepstakes for a chance to win a Surface Studio, attend a hands-on learning Make Code workshop, explore Collaboration Tools and much more!

7. Hack the Classroom | LIVE! Get Inspired. Hack the Classroom is an exciting, online, live event designed to show you what’s possible and ignite new ideas. This year, we will be live from ISTE bringing you the latest tools designed to empower your students to create the world of tomorrow! Learn more here.

8. Free Certifications | Grow. In our mission to support educators, we are offering FREE Microsoft Office Specialist (MOS), Microsoft Certified Educator (MCE) and Microsoft Technical Certified – Touch Develop (MTC) exam testing. Drop by the Marriott Room Shedd AB. To prepare and learn more please continue to visit aka.ms/ISTE18 for additional information and resources on Certification Testing.

9. IT Bootcamp | Get hands on. Looking to experience an IT Bootcamp through the eyes of a student? Join the IT Bootcamp Classroom in our Expo Floor Meeting Space area.

10. MIE Teacher Sessions | Listen & Learn. Join Microsoft Educators at the Hyatt Clark room to learn what’s new in Inclusive and Accessibility Tools; explore Collaboration tools between teachers, students and staff; and see how to inspire creativity with digital inking, mixed reality and 3D + STEM topics like Minecraft, Make code, Hacking Stem, Girls in Stem and Computer Science.

11. Get 1:1 support and connect with a Microsoft Training Partner at ISTE. You can even find your local Microsoft Learning Consultant at ISTE. Microsoft Learning Consultants attending ISTE include:

More happenings you won’t want to miss:

Spotlight on Solutions

Share & Learn. Join our panel sessions in room 183B. Panel members will be a mix of school leaders, school teachers along with both community and Microsoft team members to foster an open dialog with several points of view.

Microsoft Partners

Explore and learn. Visit the Microsoft Booth #1102 to learn more about inspiring Education Apps available in the Microsoft Store for Education. There will be a blend of demos from teachers sharing their practices throughout the booth experience.

ISTE + Microsoft Collaboration

Collaboration. Join Microsoft Educators in the official ISTE + Microsoft Collaboration Room. We will cover various educational technology topics to keep you at the forefront of how students are learning in today’s modern classrooms. Join us in the Convention Center #184D.

Computer Science Firehose

Dig Deep. Please join Microsoft Educators at the CS Firehose Track. They will share all the latest on Minecraft: Education Edition with code builder, Makecode.com, #HackingStem, Youthspark’s Make What’s Next Initiative and an overview of Microsoft Imagine Academy’s CS curriculum offerings.

You can view all the 2018 sessions here.

*Enter for your chance to win a Surface device at Booth #1102. Simply pick up an activity card at the Booth’s welcome desk, complete the activities listed, then return it to that same welcome desk. We’ll be drawing three winners each day!

Similar to the embedded devices that came before them, modern IoT devices are often used in places where physical servicing is difficult and expensive. For example, it’s expensive for an oil company to put a technician on a helicopter to service equipment on a platform at sea. As a result, commercial IoT devices need to be supported and in service for far longer than their consumer counterparts.

Today at Computex 2018, we are excited to announce Windows 10 IoT Core Services. This offering will provide 10 years of support along with services to manage device updates and assess device health, enabling our IoT partners to create solutions to address their customers’ needs.

Windows 10 IoT Core is an edition of Windows 10 designed for building smart things and optimized to power intelligent edge devices. First released in 2015, it has been adopted by industry innovators such as Johnson Controls, Askey, and Misty Robotics.

Building on the Windows 10 IoT Core operating system, Windows 10 IoT Core Services will be a paid offering for IoT devices. The free edition of Windows 10 IoT Core will still be available via the Semi-Annual Channel (SAC).

1. 10 years of Windows OS support via the Windows Long-Term Servicing Channel (LTSC) which provides quality updates to keep device security up to date. Devices using the LTSC release won’t receive feature updates, enabling them to focus on stability by minimizing changes to the base operating system. Microsoft typically offers new LTSC releases every two to three years, with each release supported over a 10-year lifecycle.
2. Update control with the newly announced Device Update Center (DUC) which provides the ability to create, customize, and control device updates. These updates are distributed by the same Content Distribution Network (CDN) as Windows Update which is used daily by millions of Windows customers around the world. Updates can be applied to the operating system, device drivers, as well as OEM-specific applications and files. Updates can be flighted to test devices prior to broader distribution.
3. Device Health Attestation (DHA) enables enterprises and OEMs to raise the security bar of their organization with hardware-attested security. Evaluating the trustworthiness of a device at boot is essential for a trusted IoT system and a device cannot attest to its own trustworthiness. Instead, this must be done by an external entity such as DHA Azure cloud service. This service evaluates device health and can be combined with a device management system, such as Azure IoT Device Management. With this, you can take actions, for example, re-imaging the device, denying network access or creating a service ticket.

With these features, you can commercialize a device built on Windows 10 IoT Core and know that you have the enterprise-grade support and security that is synonymous with Windows. We are currently in limited preview with this service; to join, please email iotservices@microsoft.com. A broader preview will be ready in July 2018, with general availability later this year.

Earlier in the year, we announced that with the next release of Windows 10 IoT, we will provide 10 years of support for both Windows 10 IoT Core and Windows 10 IoT Enterprise. We also announced a partnership with NXP to support Windows 10 IoT Core on their i.MX 6 and i.MX 7 processors. The Windows 10 IoT Core Services offering builds on these announcements, as we continue to evolve the platform and make investments to support the IoT devices of today and tomorrow. We are excited about the possibilities and hope you will join us to create the future of IoT.

Windows 10 IoT – Tomorrow’s IoT today

Tweet This

Updated June 5, 2018 11:03 pm