Skip to main content

Trustworthy Computing

Microsoft Security Newsletter

Stay up to date with security insights, resources, best practices, and events for IT professionals and developers. Browse past newsletters or subscribe to get the latest news delivered to your inbox.



Welcome to March 2015's Security Newsletter!

This month, we are highlighting the security controls available in Office 365, with a focus on the built-in mobile device management (MDM) capabilities now available for Office 365. With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. More importantly, the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU, and Government plans.

If you are looking for protection beyond what's included in Office 365, you can subscribe to Microsoft Intune, part of the Microsoft Enterprise Mobility Suite, and receive additional device and application management capabilities for phones, tablets and PCs. To learn more, check out the new Enterprise Mobility Suite webinar series. Each month, there will be one webinar based on the solutions and the big picture for enterprise mobility, and a second, deeper dive webinar on specific product features and how-to guidance.

Also, if you haven't done so already, register for Microsoft Ignite this May to get up to speed on security best practices for Office 365 and enterprise mobility as well as the latest in client, server, browser, network, cloud, and app security technologies and practices. Not able to attend in person this year? Stay tuned for details on how to watch on-demand sessions after the event.

Tim Rains Best regards,
Tim Rains, Chief Security Advisor
Cybersecurity & Cloud Strategy, Microsoft

Want to share this newsletter with a friend or colleague? Click here for the online edition and subscription options.
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.comand share your ideas.

Top Stories
EMET 5.2 Now Available
Enhanced Mitigation Experience Toolkit (EMET) 5.2 includes increased security protections to improve your security posture, such as Control Flow Guard, improvements to the configuration for Attack Surface Reduction (ASR) mitigation, and full support for reporting from Modern Internet Explorer, or Desktop IE with Enhanced Protected Mode enabled.

Updated White Paper on Microsoft Azure Network Security
Download the latest version of this white paper, which now includes guidance on how to use Azure's native network security features to help protect your information assets.

Security Guidance
Office 365 Security and Compliance
Quickly access more information on the features in Office 365 that are available to help you with fulfill your organization's security and compliance needs from anti-spam and anti-malware protection to encryption and Information Rights Management.

Overview of Mobile Device Management for Office 365
You can manage and secure mobile devices when they're connected to your Office 365 organization by using Mobile Device Management for Office 365. Get a quick overview of setup steps for admins plus a summary of device management tasks and where you'll go to perform them.

Capabilities of Mobile Device Management for Office 365
Mobile Device Management for Office 365 can help you secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Office 365 users in your organization. Find out which devices are supported and explore policy settings, security settings, and more.

Choosing Between Microsoft Intune and Built-in MDM for Office 365
As an IT purchasing manager or an IT administrator, you might have questions about which cloud-based Microsoft mobile device management solution is the best fit for your needs. This article compares the capabilities of Built-in Mobile Device Management for Office 365 to the capabilities of Microsoft Intune to help you to make this decision.

Community Update
Office 365 Trust Center: Top 10 Lists
Need to determine the security and trustworthiness of cloud productivity services and choose a cloud service provider that meets your security expectations? Based on community feedback and real-world customer experiences, these top-ten lists, which include "Top questions you should ask a cloud service provider when you are considering the cloud for your IT services, and how Microsoft Office 365 answers these questions," can help you focus on the key privacy and security considerations that should inform your decision.

This Month's Security Bulletins

March 2015 Security Bulletins


MS15-018:3032359 Cumulative Security Update for Internet Explorer
MS15-019:3040297 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
MS15-020:3041836 Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution
MS15-021:3032323 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution
MS15-022:3038999 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution


MS15-023:3034344 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege
MS15-024:3035132 Vulnerability in PNG Processing Could Allow Information Disclosure
MS15-025:3038680 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
MS15-026:3040856 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege
MS15-027:3002657 Vulnerability in NETLOGON Could Allow Spoofing
MS15-028:3030377 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass
MS15-029:3035126 Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure
MS15-030:3039976 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
MS15-031:3046049 Vulnerability in Schannel Could Allow Security Feature Bypass

March 2015 Security Bulletin Resources:

March 2015 Bulletin Release Blog Post
Malicious Software Removal Tool: March 2015 Update

Security Events and Training

The Garage Series for Office 365: Assessing the Top 5 Cloud Security Threats with Mark Russinovich
Learn about the most frequently discussed cloud security threats then listen as Microsoft Technical Fellow Mark Russinovich describes each threat and how Microsoft architects its cloud services to maximize data security and protect against data loss. You'll also get pro tips to help you protect against credential loss and contain the risk of user-driven shadow IT.

Microsoft Ignite
May 4-8, 2015 - Chicago, IL
Ready to explore the latest security and access management technologies? Want to dive deep and learn how to improve the security of your IT infrastructure as well as the devices you manage and the apps you create? Register for Microsoft Ignite 2015 for access to more than 70 sessions on everything from SharePoint data security and next-generation malware detection to secure development best practices for web and cross-platform mobile apps.

Here is just a sample of the sessions you could attend:

Windows 10: Security Internal
Browser Security
How You Can Hack-Proof Your Clients and Servers in a Day
Configuring Corporate-Owned Mobile Devices with Microsoft Intune
Experts Unplugged: Office 365 Security
Microsoft Identity Platform for Developers - Overview and Roadmap


Essential Tools

Microsoft Security Bulletins
Microsoft Security Advisories
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer

Security Centers

Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers

Additional Resources

Microsoft Cybertrust Blog
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources Computing 
 This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.