While you may find people using the terms interchangeably, Office 365 and Microsoft 365 are two distinct plans offered by Microsoft. Office 365 includes Microsoft Exchange and SharePoint for businesses which have their own network., and an active directory service to authenticate the users with access to the network. This is in addition to the standard MS Office programs, Excel, Word, PowerPoint, and Access.

Microsoft 365 expanded on Office 365, and is meant to replace it. While it also has Word, Excel, PowerPoint, and Access, It is tailored for offices that rely on the cloud, and don't have their own network. Azure Active Directory comes with Microsoft 365. It is a cloud-based system for authenticating users, but you cannot set it up with a server. Azure Active Directory works with Microsoft Intune in M365 to restrict access to data. Microsoft 365 also includes Enterprise Mobility and Security which facilitates the control of devices which are in different locations.

28 views0 comments

A European cyber security company, With Secure, recently posted its findings on a flaw in the encryption method used in the local installation version of Microsoft Office 365.

Office Message Encryption (OME) works with Electronic Codebook (ECB). A party attempting to decrypt Office encrypted messages (which are sent as email attachments), may be able to determine the content by detecting where certain blocks of text, such as confidentiality footers or headings, repeat in multiple messages. The structure will be apparent even to a party that doesn't have the key for the encrypted text. ECB will encrypt repeating blocks of text in the same way. As stated in NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, "in the ECB mode, under a given key, any given plaintext block always gets encrypted to the same ciphertext block. "

Unlike a more secure encryption method like Cipher Block Chaining (CBC) ECB does not use an initialization vector, a random factor which prevents blocks of identical plaintext (unencrypted text) from having the same encryption. This diagram on the Sophos cyber security blog, demonstrates the problem with ECB:

With Secure's post points out that a 2021 Microsoft FIPS (Federal Information Processing Standard) Compliance post [made to comply with the Information Technology Management Reform Act of 1996's encryption requirements] states that, "Legacy versions of Office (2010) require AES 128 ECB, and Office docs are still protected in this manner by Office apps.".

So apparently in order to avoid trouble with users running older versions of MS Office being unable to decrypt messages encrypted with CBC or another encryption method, Microsoft will continue to use the weaker ECB method.

30 views0 comments

When you send a job to a printer not on your office network from inside VMWare or another VPN, you may not see all of the options which should be available in the properties for the printer.

Apply the settings for the printer on the local computer on which you are running VMWare. The selections should carry over to the VMWare instance and you'll be able to print jobs from the VPN with settings not available in the properties displayed for the printer within in the VPN.

10 views0 comments