Search
Close this search box.

BUI Cyber Research – Resolving a vulnerability in outdated versions of Microsoft Teams

In October 2023, a significant software security vulnerability was discovered that impacts Microsoft Teams. The vulnerability, designated as CVE-2023-4863, affects not only Microsoft Teams but also Microsoft Edge, Skype for Desktop, and WebP Image Extensions.

Although software updates have been released for Microsoft Teams, Microsoft Defender continues to flag multiple devices as vulnerable. The persistence of this vulnerability is due to the Machine-wide Installer, which installs Teams for all profiles, while deployed updates only update the Teams.exe file for the logged-in user.

While Microsoft does not provide direct remediation for this specific issue, there are steps you can take to address it. Although manual remediation via scripting may not be ideal, a script released on GitHub by Lee Vilenski has proven to be very successful.

Figure 1: Notable reduction of exposure due to deployment of the remediation script
Figure 1: Notable reduction of exposure due to deployment of the remediation script

We have modified Vilenski’s script to meet our requirements and deployment methods, as shown below. The original script can be found here.

Script

# Define minimum acceptable version (replace with your desired version)
$minVersion = “1.7.00.8651”

############### Do Not Edit Below This Line #################################

###Finding SIDs for loop
# Regex pattern for SIDs
$PatternSID = ‘S-1-5-21-\d+-\d+\-\d+\-\d+$’

# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = gp ‘HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*’ | Where-Object {$_.PSChildName -match $PatternSID} |
Select @{name=”SID”;expression={$_.PSChildName}},
@{name=”UserHive”;expression={“$($_.ProfileImagePath)\ntuser.dat”}},
@{name=”Username”;expression={$_.ProfileImagePath -replace ‘^(.*[\\\/])’, ”}}

# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $PatternSID} | Select @{name=”SID”;expression={$_.PSChildName}}

# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select @{name=”SID”;expression={$_.InputObject}}, UserHive, Username

# Loop through each profile on the machine
Foreach ($item in $ProfileList) {
# Load User ntuser.dat if it’s not already loaded
IF ($item.SID -in $UnloadedHives.SID) {
reg load HKU\$($Item.SID) $($Item.UserHive) | Out-Null
}

#####################################################################


# Check and potentially remove outdated Teams versions

# Get Teams uninstall keys for the user
$teamsUninstallKeys = Get-ItemProperty registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*

if ($teamsUninstallKeys) {
foreach ($teamsKey in $teamsUninstallKeys) {
# Check DisplayVersion and remove key if outdated (with confirmation)
$displayVersion = $teamsKey.DisplayVersion

if ($displayVersion -lt $minVersion) {
$uninstallString = “C:\Users\$($item.Username)\appdata\local\microsoft\teams\update”
# Consider error handling for uninstall process (not shown here)
try {
Start-Process -FilePath $uninstallString -ArgumentList “–uninstall” -Wait -Verb RunAsAdministrator
} catch {
}

# Remove the Teams uninstall key (use with caution)
Remove-Item -Path “registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\$($teamsKey.PSName)” -Recurse}
}

} # Unload ntuser.dat
IF ($item.SID -in $UnloadedHives.SID) {
[gc]::Collect()
reg unload HKU\$($item.SID) | Out-Null
}
}

################## Remove Teams where Regkey doesn’t exist #############################

 

$userProfiles = Get-ChildItem -Path “C:\Users” -Directory -Exclude Default,Public
# Loop through each user profile
foreach ($profile in $userProfiles) {
# Check if Teams executable exists
$teamsPath = Join-Path -Path $profile.FullName -ChildPath “AppData\Local\Microsoft\Teams\current\Teams.exe”
if (Test-Path $teamsPath) {
# Get the installed version
$installedVersion = (Get-ItemProperty $teamsPath).VersionInfo.FileVersion

# Check version – inform about outdated and above versions
if ($installedVersion -lt $minVersion) {
Write-Host “Outdated Teams version found in $($profile): $installedVersion”
# Uninstall Teams (requires admin privileges)
Remove-Item -Path $teamsPath -Recurse -Force -ErrorAction SilentlyContinue
if ($?) {
Write-Host “Uninstalled Teams from $profile successfully.”
} else {
Write-Host “Failed to uninstall Teams from $profile.”
}
} else {
Write-Host “Teams version in $profile ($installedVersion) is above or meets the minimum requirement.”
}
}
}

Please see below steps to implement the remediation script using Microsoft Intune:

  1. Copy the Script code above into Notepad and save as a PowerShell file (TeamsUpdate.ps1)
  2.  In Microsoft Intune,
    • Navigate to the Devices blade,
    • Select Scripts and remediations,
    • Select the Platform scripts tab
Figure 2: Step 2 Navigating to Platform scripts
Figure 2: Step 2 Navigating to Platform scripts

3. Select Add/Create to create a new script, select Windows 10 and later

Figure 3: Step 3 Adding a Platform script
Figure 3: Step 3 Adding a Platform script

4. Enter Name and Description for script

Figure 4: Step 4 Configuring the Platform script
Figure 4: Step 4 Configuring the Platform script

5. Under script settings:

    • Upload the script
    • Set “Run this script using the logged-on credentials” to No
    • Set “Enforce script signature check” to No
    • Set “Run script in 64bit PowerShell Host” to Yes
Figure 5: Step 5 Configuring the Platform script
Figure 5: Step 5 Configuring the Platform script

6. On next screen, Assign the script to the All devices group

Figure 6: Step 6 Assigning the Platform script
Figure 6: Step 6 Assigning the Platform script

7. Save

By BUI SecOps Principal Technical Consultant, Terryanne du Toit and BUI SecOps Technical Consultant, Danie Miller.

Copilot for Microsoft 365: It’s got lots of friends

In Part 4 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis highlights neighbouring technologies, including Copilot for Azure and Copilot for Sales.

By Neil du Plessis | Cloud Security Architect, BUI

The artificial intelligence that powers Copilot for Microsoft 365 is also used in neighbouring Microsoft technologies for the modern workplace. Copilot for Azure, Copilot for Sales, Copilot for Service, Microsoft Copilot Studio, and Microsoft Copilot for Security are either coming soon or already available to Business and Enterprise customers. Let’s take a closer look at each one.

1. Copilot for Azure

Microsoft describes Copilot for Azure as an AI-powered assistant that simplifies the design, operation, optimisation, and troubleshooting of applications and infrastructure within the Azure ecosystem. It utilises Large Language Models, the Azure control plane, and insights about your Azure and Azure Arc-enabled assets to help you streamline cloud orchestration and management.

Highlights: Copilot for Azure can help you design and develop your cloud applications, choose the best frameworks, languages, and tools, and test and debug your code. It can also help you deploy and manage your applications by providing automation, scalability, and monitoring. In addition, Copilot for Azure can recommend ways to optimise costs and improve security and compliance in your environment.

Availability: Copilot for Azure is currently in preview, and existing Azure customers and Microsoft Partners can apply to participate. If you’re interested, review the registration process before filling in the application form.

2. Copilot for Sales

Copilot for Sales is designed to help your sales teams boost productivity, improve customer engagements, and close more deals. It takes the foundational capabilities of Copilot for Microsoft 365 and enhances them by connecting to customer relationship management platforms (like Microsoft Dynamics 365 Sales and Salesforce Sales Cloud) and providing sales teams with relevant in-app insights and recommendations to enhance customer interactions.

Highlights: According to Microsoft, Copilot for Sales empowers your sellers to simplify daily tasks, personalise customer interactions, and streamline workflows. From drafting emails in Outlook and setting up meetings in Teams to creating pitch decks in PowerPoint and data visualisations in Excel, Copilot for Sales is geared to help sales teams accomplish more in less time with AI-powered communication, content, and CRM activities.

Availability: Copilot for Sales is available now for $50 per user per month, which includes the requisite Copilot for Microsoft 365 licence. If you already have Copilot for Microsoft 365 (via your Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 Business Standard, or Microsoft 365 Business Premium subscription), then you can get Copilot for Sales for an additional $20 per user per month. The Copilot for Sales pricing guide has further details, terms, and conditions.

3. Copilot for Service

Copilot for Service applies artificial intelligence to your call centre operations to help your customer service and support teams handle customer interactions more efficiently. Copilot for Service brings together all relevant content from your CRM platforms, websites, SharePoint sites, and third-party knowledge bases (like Salesforce, ServiceNow, and Zendesk) and puts it at your agents’ fingertips through conversational AI.

Highlights: Your customer service and support teams can enter natural language prompts and Copilot for Service will generate answers based on your organisational content – from call centre playbooks and user manuals to customer records and case histories in your CRM tools. Your agents can do this in their flow of work during real-time engagements with customers to handle queries faster, resolve issues earlier, and improve customer satisfaction over time.

Availability: Copilot for Service is available now for $50 per user per month, which includes the requisite Copilot for Microsoft 365 licence. If you already have Copilot for Microsoft 365 (via your Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 Business Standard, or Microsoft 365 Business Premium subscription), then you can get Copilot for Service for an additional $20 per user per month. The Copilot for Service pricing guide has further details, terms, and conditions.

4. Microsoft Copilot Studio

Unveiled by Microsoft at the 2023 Microsoft Ignite conference, Microsoft Copilot Studio is a low-code tool that enables you to tailor Copilot for Microsoft 365 and build your own AI-driven copilots by leveraging conversational features like custom GPTs and generative AI plugins.

Highlights: With Microsoft Copilot Studio, you’re able to personalise Copilot for Microsoft 365 according to your business needs. You can develop, test, and publish standalone copilots and regulate and secure them with the appropriate permissions, data access, and user controls. You can also see the end-to-end lifecycle of your customisations and standalone copilots in one place, which makes building, deploying, managing, and analysing them easier and simpler. In addition, you can use Microsoft Copilot Studio to link Copilot to other data sources to access any system of record, including SAP, ServiceNow, and Workday.

Availability: Microsoft Copilot Studio is available now, and the integration with Copilot for Microsoft 365 is currently in public preview. The Microsoft Copilot Studio website has further details, terms, and conditions.

5. Microsoft Copilot for Security

Microsoft Copilot for Security was also announced at the 2023 Microsoft Ignite conference, where Microsoft explained it as an AI-powered cybersecurity product that “enables security professionals to respond to cyberthreats quickly, process signals at machine speed, and assess risk exposure in minutes”.

Highlights: Microsoft Copilot for Security combines an advanced Large Language Model with a security-specific model informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. The result is a sophisticated, security-focused AI assistant that can provide actionable responses to your natural language questions. These responses can be in the form of text, code, or a visual that helps you understand the full context of a security incident, its impact, and the next steps you should take for remediation and defence hardening.

Availability: Microsoft Copilot for Security is currently in private preview through an invitation-only Early Access Programme for customers and Microsoft Partners. BUI is participating in the Microsoft Copilot for Security Partner Private Preview, and is working with Microsoft product teams to help shape product development. Learn more in our news update.

With Copilot for Azure, Copilot for Sales, Copilot for Service, Microsoft Copilot Studio, and Microsoft Copilot for Security, Microsoft is expanding its range of AI-powered technologies to help you streamline cloud orchestration and management, boost sales productivity, improve customer service, spur innovation, and secure your data and resources. The sooner you start exploring these tools, the sooner you’ll be ready to empower your teams for even greater success.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

BUI Cyber Research: Critical Microsoft Defender FlawBUI Cyber Research – Unveiling a Critical Vulnerability in Microsoft Defender XDR’s Attack Surface Reduction rules

Terms and Conditions for this security vulnerability disclosure blog:

  1. Disclosure Policy. We follow a responsible disclosure policy, notifying vendors of vulnerabilities at least 90 days before public disclosure, and working co-operatively to resolve issues.
  2. Disclaimer. The information provided is for educational purposes only. We are not responsible for any misuse of this information.
  3. Ethical Considerations. Readers are urged to act ethically and legally when investigating and disclosing vulnerabilities.
  4. Use of Information. Information from this blog may not be used for illegal purposes or reproduced without permission.
  5. Feedback. We welcome feedback and corrections to ensure the accuracy and relevance of our content. Please email us (info@bui.co) or use the digital form on our contact page to submit feedback.
  6. Legal Compliance. Readers must comply with all applicable laws when testing for and disclosing vulnerabilities.

Microsoft Defender XDR is a comprehensive cybersecurity solution designed by Microsoft to protect organisational networks and devices. At its core are the Attack Surface Reduction (ASR) rules, which are strategic security protocols aimed at minimising the vulnerabilities and pathways exploited by cyber threats. These rules act as a crucial line of defence, shielding endpoints from various attack vectors such as malicious documents, scripts, and other potentially harmful activities. However, despite their importance in fortifying cybersecurity defences, recent scrutiny has uncovered a critical vulnerability within these ASR rules. This vulnerability poses a significant risk as it allows adversaries to bypass established security measures without triggering alerts or raising suspicion, thereby compromising the effectiveness of Microsoft Defender XDR’s defence mechanisms.

Regrettably, a remedy for this issue is not yet available*. Consequently, recourse to Advanced Hunting queries armed with Custom detection rules becomes imperative to diligently monitor for any indicators of compromise, thereby mitigating potential risks.

* Table 1: BUI researchers logged two notices via the Microsoft Security Response Center. The details are included here in Table 1.

Critical Vulnerability explained

Attack Surface Reduction (ASR) rules are configured on devices by means of a registry key. The contents of this key include the GUID for the specific ASR rule as well as the state of the rule (Block, Audit).

The registry key is not protected and can be modified without triggering any alerts, essentially bypassing ASR rules, which could result in negation of the protection.

Registry Key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\ASR Rules

Critical Vulnerability demonstrated

By following the steps below, ASR rules can be bypassed. The rule Block all Office applications from creating child processes will be tested.

Bypassing ASR rules:

  1. Launch an elevated PowerShell session and run the following commands to confirm that ASR rules are configured:

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Ids

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Actions

  1. Navigate to the following registry hive:

       Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\

  1. Open the following registry key:

       ASR Rules

  1. Delete the contents of the registry key.
  2. Rerun the following commands in an elevated PowerShell to confirm that the ASR rule configuration has been removed:

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Ids

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Actions

Testing the bypass:

  1. Create a simple bat file to create a folder.

       Example: Mkdir “c:\tools\new folder”

  1. Launch Microsoft Word.
  2. Enable the Developer Tools tab on the Ribbon.
  3. Create a new Macro and edit the Macro in Visual Basic.
  4. Enter the following code:

       Sub [your Macro name] ()

       Dim str As String

       Str = “cmd.exe /C [location of bat file]

       shell str, vbMaximizedFocus

       End Sub

       Example shown here in screenshot:

  1. Run the Macro and verify that a folder has been created. See screenshot:

The successful creation of a folder indicates that ASR rules have been successfully bypassed.

Running the same Macro without bypassing the ASR rules results in the following alert:

Mitigation strategies

By determining the current ASR policy configuration and monitoring for any changes to this configuration, Advanced Hunting queries with Custom detection rules can act as a potential mitigation strategy until this critical vulnerability is remediated.

  1. Determine the current configuration by viewing the following registry key:

       Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\ASR Rules

  1. Within Microsoft Defender XDR, run the following Advanced Hunting Query:

       DeviceRegistryEvents

       | where RegistryKey has “HKEY_LOCAL_MACHINE”

       and RegistryKey has “SOFTWARE”

       and RegistryKey has “Microsoft”

       and RegistryKey has “Windows Defender”

       and RegistryKey has “Policy Manager” or

       RegistryKey contains RegistryValueName == “ASRRules” and RegistryValueData != PreviousRegistryValueData and RegistryValueData != “ [Enter your registry key value here]

  1. From the Advanced Hunting query, create a Custom detection rule. 
  1. Configure the Alert details, Impacted Entities, Actions as required.

       Suggested configurations:

       Frequency: Every hour

       Impacted Entity: Device | Device ID

       Actions: Run antivirus scan

Once configured, the Custom detection rule will run once every hour and generate an alert for all devices in which the ASR rule registry key has changed.

Any alerts should be investigated as running a Microsoft Defender Antivirus scan alone will not be a sufficient response.

It is important to note that the registry key in the Advanced Hunting query should be updated after any change is made to the ASR rules.

Copilot for Microsoft 365: How to prepare yourself

In Part 3 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis outlines the steps to take to prepare yourself for AI-powered productivity.

By Neil du Plessis | Cloud Security Architect, BUI

Copilot for Microsoft 365 is an innovative tool that can transform how you work with computers. However, as with any new technology, it requires some preparation and adaptation on your part to ensure the most beneficial results in the long run.

Jared Spataro, the Corporate Vice President of Modern Work and Business Applications at Microsoft, once said that “becoming an AI-powered organisation doesn’t happen with the flip of a switch”. And he was right: you have to understand Copilot’s features and functionality before you can harness its full potential. Here are three important steps in the preparation journey.

1. Learn how to use Copilot for Microsoft 365.

Copilot is a powerful AI assistant that can help you with numerous tasks and activities in your Microsoft 365 apps, but it’s not a magic solution to every problem. You will need to learn how to use Copilot effectively – by composing clear prompts, providing relevant details and parameters, and reviewing and refining outputs.

You’ll also need to explore the frameworks guiding and controlling Copilot so that you understand how data security policies, privacy policies, and responsible AI checks are applied. Fortunately, there are plenty of resources available online, from technical documentation to in-depth tutorials and walkthroughs. You can also watch these introductory videos to see how Copilot for Microsoft 365 works:

Carmen Zlateff, Microsoft Windows vice president, explains how Windows 11 and Copilot work together during her presentation on stage at the Microsoft Copilot event in New York City in September 2023. Image credit: Microsoft

2. Develop your prompt engineering and critical thinking skills.

Even though Copilot can help you augment your capabilities, it’s no substitute for your unique human intelligence. Remember that Copilot uses generative artificial intelligence to draft responses to your prompts, providing an output based on your input.

A well-structured, specific prompt with appropriate context will yield a more accurate result than a vague query. If you take the time to develop your prompt engineering skills and evaluate, analyse, and even interrogate Copilot’s output, you’ll be better prepared to use the tool properly.

It’s also essential to apply your professional judgement, ethical standards, and niche industry or domain knowledge to your tasks and projects with Copilot. After all, the tool doesn’t have the benefit of your personal experience, expertise, or emotion.

3. Keep practising – and find a community of Copilot for Microsoft 365 users.

Copilot is designed to be your digital assistant. Your AI sidekick. Your know-a-lot companion in Excel, Outlook, PowerPoint, Teams, and Word. But there will be a learning curve at the beginning – for you and the tool.

Because Copilot learns from context and adapts over time, it may not generate perfect responses to your queries from the start. You’ll need to experiment with different prompts and fine-tune your inputs to get high-quality outputs, so keep practising.

It’s also a good idea to join an online forum or community group of fellow Copilot users in your industry to take advantage of their shared knowledge, resources, and tips for success. The Copilot for Microsoft 365 community on the Microsoft Tech Community website is filled with news updates, event details, and discussions related to Copilot for Microsoft 365.

Learning how to use Copilot effectively, developing your prompt engineering and critical thinking skills, and tapping into the knowledge of fellow Copilot users can help you prepare for a new world of work with this AI-powered helper by your side.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

Copilot for Microsoft 365: AI to help you work smarter

In Part 2 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis reveals how this AI-powered assistant can help you be more creative and productive.

By Neil du Plessis | Cloud Security Architect, BUI

More than three-quarters of early users said that once they tried Copilot for Microsoft 365, they didn’t want to give it up. Why? Because having this AI-powered assistant as their workplace aide helped them to save time, unleash their creativity, enhance their skills, and unlock the full potential of their favourite Microsoft 365 apps.

In the Work Trend Index Special Report published by Microsoft last year, the same early users said that Copilot for Microsoft 365 empowered them to do more – and do it more efficiently than before. From creating presentations in PowerPoint to managing emails in Outlook, Copilot helped them achieve their goals.

But how exactly can Copilot for Microsoft 365 help you and your teams? How can you take advantage of this technology in your business right now? Let’s explore three everyday use cases for Copilot for Microsoft 365 in the modern workplace.

1. Copilot can help you write better and faster.

Whether you need to write a blog post, a newsletter, a proposal, or a summary, Copilot can help you with the creative process.

You can tell Copilot to draft an outline, a title, a hook, or a conclusion for your document based on your topic and purpose. You can get Copilot to check your grammar and spelling and edit, rewrite, or paraphrase your text to improve the tone, style, and clarity.

You can also direct Copilot to help you with formatting, referencing, and citing your sources so that your entire document is eye-catching, precise, and correctly attributed.

With Copilot as your co-creator, you can speed up the writing process and craft compelling content that meets your needs. Watch these videos for a closer look at what’s possible with Copilot in Word.

BUI_SA_M365_Copilot_Blog_2_Designer
With the Designer integration in Copilot in Word, it’s easy to bring your ideas to life with eye-catching visuals that match the text in your document. Image credit: Microsoft

2. Copilot can help you analyse and visualise data.

Whether you need to work with numbers, charts, tables, or graphs, Copilot can help you with data analysis and presentation.

You can get Copilot to perform calculations, apply formulas, filter data, or create pivot tables in Excel, based on your data set and goal.

You can ask Copilot to help you interpret and make sense of your data by providing summaries, trends, or insights in natural language.

You can also use Copilot to generate charts and graphs so that you can visualise your data, highlight relevant information, and vividly present your findings.

With Copilot by your side in Excel, you can enhance the way you work with and analyse data. Watch these videos to see how Copilot filters, formats, and reviews data.

3. Copilot can help you manage and organise tasks.

Whether you need to plan a project, schedule a meeting, or follow up on an email, Copilot can help you with task management and day-to-day organisation.

You can ask Copilot to create a project plan, a timeline, or a checklist in Word, Excel, or PowerPoint, based on your project scope and deliverables.

You can instruct Copilot to schedule a meeting, send an invitation to your chosen attendees, and create an agenda to match the meeting topic – all from within Outlook or Teams.

You can also get Copilot to help you respond to emails, create tasks, and set reminders in Outlook or Teams, based on your email content and priorities.

With Copilot as your digital assistant, you can stay on top of your tasks and organise your calendar more efficiently. Watch these videos for an overview of Copilot’s functionality in Outlook and Teams.

Real-time intelligent assistance from Copilot for Microsoft 365 enables people to work more creatively and productively. More than 80% of surveyed users said Copilot makes it easier to get started on a first draft; take action after a meeting; and catch up on what they missed. More than 70% said Copilot helped them complete work faster and save time on mundane tasks. And 68% said Copilot improved the quality of their work.

Going forward, those who embrace Copilot for Microsoft 365 as an ally at work and take the time to build new digital habits will benefit the most from this powerful technology.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

Copilot for Microsoft 365: Key news updates to know

In Part 1 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis unpacks the news you need to know about this AI-powered assistant for the modern workplace.

By Neil du Plessis | Cloud Security Architect, BUI

Copilot for Microsoft 365, the advanced AI assistant embedded in Microsoft 365 apps like PowerPoint and Word, made waves in workplaces worldwide after it was ANNOUNCED IN 2023.

The tool enables people to perform tasks and generate content using natural language commands and is ALREADY CONSIDERED A GAME-CHANGER for productivity and human-computer interaction, even as Microsoft continues to refine its capabilities and features.

So, what can we expect from this innovative technology going forward? Here are four important updates to know about Copilot for Microsoft 365.

1. Copilot for Microsoft 365 is now generally available to businesses of all sizes.

On 1 November last year, Microsoft made Copilot for Microsoft 365 available to Microsoft 365 customers on Enterprise plans. Since then, Microsoft has removed the Microsoft 365 prerequisite and minimum-purchase restrictions to expand its Copilot for Microsoft 365 licensing model to include enterprises using Office 365 E3/E5 and small and medium-sized businesses (SMBs).

As of 15 January 2024, Enterprise customers (Office 365 E3, Office 365 E5, Microsoft 365 E3 and Microsoft 365 E5) and Business customers (Microsoft 365 Business Standard and Microsoft 365 Business Premium) can purchase Copilot for Microsoft 365 as an add-on to an existing subscription for $30 per user per month.

2. Copilot for Microsoft 365 will be supported in more languages and regions this year.

Initially, Copilot was only available in English for users based in the United States, Canada, and the United Kingdom. Today, it’s available in 36 regions across the Americas, Europe, Africa, and Asia, and Microsoft is working hard to expand both audience and market reach.

In addition to English, Copilot for Microsoft 365 is supported in Chinese (Simplified), French, German, Italian, Japanese, Portuguese, and Spanish. Microsoft plans to support several more languages over the first half of 2024, including Arabic, Chinese (Traditional), Czech, Danish, Dutch, Finnish, Hebrew, Hungarian, Korean, Norwegian, Polish, Russian, Swedish, Thai, Turkish, and Ukrainian.

Satya Nadella, Microsoft chairman and chief executive officer, speaks on stage at Skylight at Essex Crossing in New York City during the Microsoft Copilot event in September 2023. Image credit: Microsoft

3. Copilot for Microsoft 365 is now integrated with more apps and services.

Microsoft is enhancing the workplace value of Copilot for Microsoft 365 by adding new features and integrating it with more apps and services – both inside and outside of the Microsoft 365 suite. For example, Copilot works seamlessly with Loop and SharePoint, and is coming soon in Planner, OneNote, and Stream to allow users to access and manage files and tasks through natural language prompts and queries.

Copilot can also connect with third-party apps and services, including Salesforce, Jira, Dynamics 365, Bing Web Search, ServiceNow, and Zendesk, enabling users to perform actions and gather external information without leaving their current app.

Copilot can also leverage the power of the Microsoft Graph and third-party integrated applications like SQL and Confluence to provide users with personalised, contextual suggestions and insights based on their preferences, history, and activity.

4. Copilot for Microsoft 365 is becoming more accurate and reliable by the day.

Microsoft is committed to improving Copilot for Microsoft 365 so that it consistently produces relevant, high-quality output for users based on their prompts and context. To achieve this, Microsoft has been refining Copilot’s processing and orchestration engine, updating its Large Language Models, and gathering public and partner feedback through early access programmes, preview programmes, and dedicated community forums like the Copilot Feedback Hub, where users can share their observations, suggestions, and experiences with the tool.

These efforts continue to yield results: Copilot’s accuracy and reliability have improved significantly since launch; 70% of early users have reported increased personal productivity; and 77% of early users have said that once they used Copilot, they didn’t want to give it up.

With its expanded licensing model, broader language support, increased integration with apps and services, and improved accuracy and reliability, Copilot for Microsoft 365 is set to become a critical tool for businesses of all sizes.

As Microsoft further refines Copilot’s capabilities and features, we can expect this AI-powered assistant to revolutionise organisations everywhere by empowering people to do more with their favourite Microsoft 365 apps every day.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

DFIR as a Service: Effective incident response when you need it

If cybercriminals breached your systems today, would you be ready to act? Zandre Janse van Vuuren explains why DFIR as a Service is such a compelling solution for businesses that don’t have their own Digital Forensics and Incident Response teams.

By Zandre Janse van Vuuren | Service Delivery Manager: Cyber DFIR, BUI

Cybercrime has become more sophisticated, more frequent, and more damaging than ever, with companies falling victim to data breaches, ransomware scams, and other types of cyberattacks that often result in substantial financial losses and reputational damage. In the aftermath, they’re turning to Digital Forensics and Incident Response specialists to find answers – and to help them strengthen their security posture and avoid a repeat incident.

What is Digital Forensics and Incident Response?

Digital Forensics and Incident Response (DFIR) is a niche field within cybersecurity that concentrates on identifying, preserving, analysing, and recovering digital information to investigate and respond to security incidents and cybercrimes.

DFIR specialists play a critical role in mitigating cyber threats and maintaining the integrity of connected digital systems. Their key focus areas typically include Incident Response, Digital Forensics, Analysis, Recovery, and Reporting.

Incident Response

DFIR specialists are responsible for quickly identifying and responding to security incidents like network intrusions, data breaches, malware infections, and cyberattacks. Their primary goal is to minimise the damage caused by the incident and prevent further unauthorised access by the perpetrator.

Digital Forensics

DFIR teams use sophisticated tools and investigative techniques to gather and analyse digital evidence from various sources, including servers, computers, portable drives, smart devices, mobile phones, and network logs. They must follow strict collection procedures and maintain a chain of custody to preserve the integrity of digital evidence so that it is admissible in any legal proceedings related to the incident.

Analysis

DFIR teams thoroughly examine all digital evidence to uncover the scope of the incident and identify the perpetrator’s methods and motives. They also evaluate the extent of the damage caused to the victim’s connected environment by analysing logs, file systems, memory data, and network traffic, among other things.

Recovery

DFIR specialists have advanced technology and security skills and can work to recover data, systems, or services lost or compromised due to the incident. This process may involve restoring backups, removing malware, and implementing new, more comprehensive security measures to reduce the victim’s attack surface in the future.

Reporting

DFIR specialists are responsible for documenting their findings and preparing detailed technical and forensic reports suitable for legal purposes, regulatory compliance, or internal investigations. They can also appear in court as expert witnesses.

DFIR as a Service

Last year, the average cost of a data breach was $4.45-million. Researchers estimate that cyberattacks will cost the global economy $10.5-trillion by the end of 2024. And by 2025, lack of skill or human failure will be responsible for more than half of significant security incidents.

It’s clear that cybercriminals are taking advantage of a perfect storm: our hyperconnected digital world, the global shortage of security professionals, readily available hacking tools, and the relative ease of operating anonymously on the web. In this volatile climate, you have to go beyond protecting and defending your IT environment and plan for when disaster strikes.

If you do not have an in-house team of DFIR experts to identify and contain threats, mitigate the impact of security incidents, and conduct in-depth investigations, then you should consider opting for a DFIR-as-a-Service solution. This will enable you to leverage the expertise of a trusted security partner and enjoy the five main benefits of DFIR-as-a-Service.

1. Access to experienced security pros

DFIR-as-a-Service partners usually have a team (or teams) of security professionals specialising in incident response and digital forensic investigation. These experts have cutting-edge skills and a wealth of experience gained from working on DFIR cases involving business and enterprise organisations in diverse industries. As a customer, you can tap into a much broader knowledge base than your company’s own and take advantage of the insights and lessons learned by these pros.

2. Rapid response when it matters most

Every second counts when you’re dealing with a security incident. DFIR-as-a-Service partners are prepared to respond quickly when called upon. They have established procedures and playbooks to deal with the incident, and defined service-level agreements governing their engagements with you. As a result, you can expect swift incident analysis and containment, proper incident management, and dedicated support from DFIR experts – all crucial elements for minimising the impact of the incident.

3. Specialised tools and technologies

DFIR-as-a-Service partners invest in cutting-edge tools to give their teams advanced incident response and digital forensic analysis capabilities. They also harness their relationships with technology peers, think tanks, and research institutions to gain deeper insights into the evolving threat landscape. As a customer, you can benefit from specialised technologies and sophisticated industry research without ever having to source these independently.

4. Reduced legal and regulatory risks

DFIR-as-a-Service partners are external parties who provide objective assistance and an outsider’s perspective on your security posture and any incidents. As DFIR experts, they are equipped to ensure that all digital forensic investigations are conducted thoroughly and impartially in compliance with legal and regulatory requirements. You can rest assured every incident will be handled responsibly, professionally, and with complete transparency.

5. Cost efficiency

Creating and managing an in-house DFIR team is a costly and time-consuming process. It involves finding and training DFIR professionals and procuring state-of-the-art hardware and software – all of which can strain your budget. On the other hand, when you hire a DFIR-as-a-Service partner, you instantly broaden your organisation’s DFIR capabilities without having to bear the overhead costs associated with maintaining a full-time internal team.

As cybercrime continues to evolve at an unprecedented pace, the importance of Digital Forensics and Incident Response cannot be overstated. If you’re serious about holistic protection for your organisation, then a robust DFIR strategy is not just advisable – it’s imperative.

A DFIR-as-a-Service solution customised for your company is a proactive investment in security that will give you the peace of mind that comes with knowing you have a team of specialists on standby to help you safeguard your assets, protect your reputation, and preserve business continuity in challenging times.

BUI Cyber DFIR Service Delivery Manager Zandre Janse van Vuuren is a certified computer, digital and mobile forensics specialist and incident handler with a background in security operations.

Call in our security and digital forensics experts when it matters most. From lone attackers to ransomware groups, cyberspace is filled with adversaries. Solid preparation is essential. Our Cyber DFIR team can provide all the support you need in times of crisis. Learn more about our Digital Forensics and Incident Response retainer service, available now.