A critical architectural weakness in Azure’s Private Endpoint deployments could allow both accidental and intentional denial of service (DoS) attacks against cloud resources. The vulnerability stems from how Azure’s Private DNS zone resolution interacts with hybrid networking configurations, potentially affecting over 5% of Azure storage accounts and multiple critical services. The Core Vulnerability The issue […]
Sam Altman greets Microsoft CEO Satya Nadella at OpenAI DevDay in San Francisco in 2023. (GeekWire File Photo / Todd Bishop)
The launch of the AI lab that would redefine Microsoft caught the tech giant by surprise.
“Did we get called to participate?” Satya Nadella wrote to his team on Dec. 12, 2015, hours after OpenAI announced its founding. “AWS seems to have sneaked in there.”
Nadella had been Microsoft CEO for less than two years. Azure, the company’s cloud platform, was five years old and chasing Amazon Web Services for market share. And now AWS had been listed as a donor in the “Introducing OpenAI” post. Microsoft wasn’t in the mix.
In the internal message, which hasn’t been previously reported, Nadella wondered how the new AI nonprofit could remain truly “open” if it was tied only to Amazon’s cloud.
Within months, Microsoft was courting OpenAI. Within four years, it would invest $1 billion, adding more than $12 billion in subsequent rounds. Within a decade, the relationship would culminate in a $250 billion spending commitment for Microsoft’s cloud and a 27% equity stake in one of the most valuable startups in history.
New court filings offer an inside look at one of the most consequential relationships in tech. Previously undisclosed emails, messages, slide decks, reports, and deposition transcripts reveal how Microsoft pursued, rebuffed and backed OpenAI at various moments over the past decade, ultimately shaping the course of the lab that launched the generative AI era.
More broadly, they show how Nadella and Microsoft’s senior leadership team rally in a crisis, maneuver against rivals such as Google and Amazon, and talk about deals in private.
For this story, GeekWire dug through more than 200 documents, many of them made public Friday in Elon Musk’s ongoing suit accusing OpenAI and its CEO Sam Altman of abandoning the nonprofit mission. Microsoft is also a defendant. Musk, who was an OpenAI co-founder, is seeking up to $134 billion in damages. A jury trial is scheduled for this spring.
OpenAI has disputed Musk’s account of the company’s origins. In a blog post last week, the company said Musk agreed in 2017 that a for-profit structure was necessary, and that negotiations ended only when OpenAI refused to give him full control.
The recently disclosed records show that Microsoft’s own leadership anticipated the possibility of such a dispute. In March 2018, after learning of OpenAI’s plans to launch a commercial arm, Microsoft CTO Kevin Scott sent Nadella and others an email offering his thoughts.
“I wonder if the big OpenAI donors are aware of these plans?” Scott wrote. “Ideologically, I can’t imagine that they funded an open effort to concentrate ML [machine learning] talent so that they could then go build a closed, for profit thing on its back.”
The latest round of documents, filed as exhibits in Musk’s lawsuit, represents a partial record selected to support his claims in the case. Microsoft declined to comment.
Elon helps Microsoft win OpenAI from Amazon
Microsoft’s relationship with OpenAI has been one of its key strategic advantages in the cloud. But the behind-the-scenes emails make it clear that Amazon was actually there first.
According to an internal Microsoft slide deck from August 2016, included in recent filings, OpenAI was running its research on AWS as part of a deal that gave it $50 million in computing for $10 million in committed funds. The contract was up for renewal in September 2016.
Microsoft wanted in. Nadella reached out to Altman, looking for a way to work together.
In late August, the filings show, Altman emailed Musk about a new deal with Microsoft: “I have negotiated a $50 million compute donation from them over the next 3 years!” he wrote. “Do you have any reason not to like them, or care about us switching over from Amazon?”
Musk, co-chair of OpenAI at the time, gave his blessing to the Microsoft deal in his unique way, starting with a swipe at Amazon founder Jeff Bezos: “I think Jeff is a bit of a tool and Satya is not, so I slightly prefer Microsoft, but I hate their marketing dept,” Musk wrote.
He asked Altman what happened to Amazon.
Altman responded, “Amazon started really dicking us around on the T+C [terms and conditions], especially on marketing commits. … And their offering wasn’t that good technically anyway.”
Microsoft and OpenAI announced their partnership in November 2016 with a blog post highlighting their plans to “democratize artificial intelligence,” and noting that OpenAI would use Azure as its primary cloud platform going forward.
Harry Shum, then the head of Microsoft’s AI initiatives, with Sam Altman of OpenAi in 2026. (Photo by Brian Smale for Microsoft)
Internally, Microsoft saw multiple benefits. The August 2016 slide deck, titled “OpenAI on Azure Big Compute,” described it as a prime opportunity to flip a high-profile customer to Azure.
The presentation also emphasized bigger goals: “thought leadership” in AI, a “halo effect” for Azure’s GPU launch, and the chance to recruit a “net-new audience” of developers and startups. It noted that OpenAI was a nonprofit “unconstrained by a need to generate financial return” — an organization whose research could burnish Microsoft’s reputation in AI.
But as the ambition grew, so did the bill.
‘Most impressive thing yet in the history of AI’
In June 2017, Musk spoke with Nadella directly to pitch a major expansion. OpenAI wanted to train AI systems to beat the best human players at competitive esports, Valve’s Dota 2. The computing requirements were massive: 10,000 servers equipped with the latest Nvidia GPUs.
“This would obviously be a major opportunity for Microsoft to promote Azure relative to other cloud systems,” Musk wrote in an email to OpenAI colleagues after the call.
Nadella said he’d talk about it internally with his Microsoft cloud team, according to the email. “Sounds like there is a good chance they will do it,” Musk wrote.
Two months later, Altman followed up with a formal pitch. “I think it will be the most impressive thing yet in the history of AI,” he wrote to Nadella that August.
Microsoft’s cloud executives ran the numbers and balked. In an August 2017 email thread, Microsoft executive Jason Zander told Nadella the deal would cost so much it “frankly makes it a non-starter.” The numbers are redacted from the public version of the email.
“I do believe the pop from someone like Sam and Elon will help build momentum for Azure,” Zander wrote. “The scale is also a good forcing function for the fleet and we can drive scale into the supply chain. But I won’t take a complete bath to do it.”
Ultimately, Microsoft passed. OpenAI contracted with Google for the Dota 2 project instead.
‘A bucket of undifferentiated GPUs’
Microsoft’s broader relationship with OpenAI was starting to fray, as well. By January 2018, according to internal emails, Microsoft executive Brett Tanzer had told Altman that he was having a hard time finding internal sponsors at Microsoft for an expanded OpenAI deal.
Altman started shopping for alternatives. Around that time, Tanzer noted in an email to Nadella and other senior executives that OpenAI’s people “have been up in the area recently across the lake” — a reference to Amazon’s Seattle headquarters.
The internal debate at Microsoft was blunt.
OpenAI CEO Sam Altman and Microsoft CTO Kevin Scott at Microsoft Build in 2024. (GeekWire File Photo / Todd Bishop)
Scott wrote that OpenAI was treating Microsoft “like a bucket of undifferentiated GPUs, which isn’t interesting for us at all.” Harry Shum, who led Microsoft’s AI research, said he’d visited OpenAI a year earlier and “was not able to see any immediate breakthrough in AGI.”
Eric Horvitz, Microsoft’s chief scientist, chimed in to say he had tried a different approach. After a Skype call with OpenAI co-founder Greg Brockman, he pitched the idea of a collaboration focused on “extending human intellect with AI — versus beating humans.”
The conversation was friendly, Horvitz wrote, but he didn’t sense much interest. He suspected OpenAI’s Dota work was “motivated by a need to show how AI can crush humans, as part of Elon Musk’s interest in demonstrating why we should all be concerned about the power of AI.”
Scott summed up the risk of walking away: OpenAI might “storm off to Amazon in a huff and shit-talk us and Azure on the way out.”
“They are building credibility in the AI community very fast,” the Microsoft CTO and Silicon Valley veteran wrote. “All things equal, I’d love to have them be a Microsoft and Azure net promoter. Not sure that alone is worth what they’re asking.”
But by the following year, Microsoft had found a reason to double down.
The first billion
In 2019, OpenAI restructured. The nonprofit would remain, but a new “capped profit” entity would sit beneath it — a hybrid that could raise capital from investors while limiting their returns.
Microsoft agreed to invest $1 billion, with an option for a second billion, in exchange for exclusive cloud computing rights and a commercial license to OpenAI’s technology.
The companies announced the deal in July 2019 with a joint press release. “The creation of AGI will be the most important technological development in human history, with the potential to shape the trajectory of humanity,” Altman said. Nadella echoed that sentiment, emphasizing the companies’ ambition to “democratize AI” while keeping safety at the center.
So what changed for Microsoft between 2018 and 2019?
In a June 2019 email to Nadella and Bill Gates, previously disclosed in the Google antitrust case, Scott cited the search giant’s AI progress as one reason for Microsoft to invest in OpenAI. He “got very, very worried,” he explained, when he “dug in to try to understand where all of the capability gaps were between Google and us for model training.”
Microsoft CEO Satya Nadella and OpenAI CEO Sam Altman at the Microsoft campus in Redmond, Wash. on July 15, 2019. (Photography by Scott Eklund/Red Box Pictures)
Nadella forwarded Scott’s email to Amy Hood, Microsoft’s CFO. “Very good email that explains why I want us to do this,” Nadella wrote, referring to the larger OpenAI investment, “and also why we will then ensure our infra folks execute.”
Gates wasn’t so sure. According to Nadella’s deposition testimony, the Microsoft co-founder was clear in “wanting us to just do our own” — arguing that the company should focus on building AI capabilities in-house rather than placing such a large bet on OpenAI.
Nadella explained that the decision to invest was eventually driven by him and Scott, who concluded that OpenAI’s specific research direction into transformers and large language models (the GPT class) was more promising than other approaches at the time.
Hood, meanwhile, offered some blunt commentary on OpenAI’s cap on profits — the centerpiece of its new structure, meant to limit investor returns and preserve the nonprofit’s mission. The caps were so high, she wrote, that they were almost meaningless.
“Given the cap is actually larger than 90% of public companies, I am not sure it is terribly constraining nor terribly altruistic but that is Sam’s call on his cap,” Hood wrote in a July 14, 2019, email to Nadella, Scott, and other executives.
If OpenAI succeeded, she noted, the real money for Microsoft would come from Azure revenue — far exceeding any capped return on the investment itself.
But the deal gave Microsoft more than cloud revenue.
According to an internal OpenAI memo dated June 2019, Microsoft’s investment came with approval rights over “Major Decisions” — including changes to the company’s structure, distributions to partners, and any merger or dissolution.
Microsoft’s $1 billion made it the dominant investor. Under the partnership agreement, major decisions required approval from a majority of limited partners based on how much they had contributed. At 85% of the total, Microsoft had an effective veto, a position of power that would give the company a pivotal role in defining the future of the company.
‘The opposite of open’
In September 2020, Musk responded to reports that Microsoft had exclusively licensed OpenAI’s GPT-3. “This does seem like the opposite of open,” he tweeted. “OpenAI is essentially captured by Microsoft.”
Nadella seemed to take the criticism seriously.
In an October 2020 meeting, according to internal notes cited in a recent court order, Microsoft executives discussed the perception that the company was “effectively owning” OpenAI, with Nadella saying they needed to give thought to Musk’s perspective.
In February 2021, as Microsoft and OpenAI negotiated a new investment, Altman emailed Microsoft’s team: “We want to do everything we can to make you all commercially successful and are happy to move significantly from the term sheet.”
His preference, Altman told the Microsoft execs, was “to make you all a bunch of money as quickly as we can and for you to be enthusiastic about making this additional investment soon.”
They closed the deal in March 2021, for up to $2 billion. This was not disclosed publicly until January 2023, when Microsoft revealed it as part of a larger investment announcement.
By 2022, the pressure to commercialize was explicit.
Mira Murati, left, and Sam Altman at OpenAi DevDay 2023. (GeekWire File Photo / Todd Bishop)
According to a transcript of her deposition, Mira Murati, then OpenAI’s vice president of applied AI and partnerships, had written in contemporaneous notes that the most-cited goal inside the company that year was a $100 million revenue target. Altman had told employees that Nadella and Scott said this needed to be hit to justify the next investment, as much as $10 billion.
Murati testified that Altman told her “it was important to achieve this goal to receive Microsoft’s continued investments.” OpenAI responded by expanding its go-to-market team and building out its enterprise business.
Then everything changed.
The ChatGPT moment
On Nov. 30, 2022, OpenAI announced ChatGPT. The chatbot became the fastest-growing consumer application in history, reaching 100 million users within two months. It was the moment that turned OpenAI from an AI research lab into a household name.
Microsoft’s bet was suddenly looking very different.
OpenAI’s board learned about the launch on Twitter. According to deposition testimony, board members Helen Toner and Tasha McCauley received no advance notice and discovered ChatGPT by seeing screenshots on social media.
McCauley described the fact that a “major release” could happen without the board knowing as “extremely concerning.” Toner testified that she wasn’t surprised — she was “used to the board not being very informed” — but believed it demonstrated that the company’s processes for decisions with “material impact on the mission were inadequate.”
Altman, according to one filing, characterized the release as a “research preview” using existing technology. He said the board “had been talking for months” about building a chat product, but acknowledged that he probably did not send the board an email about the specific release.
As its biggest investor, Microsoft pushed OpenAI to monetize the product’s success.
Microsoft CEO Satya Nadella speaks at OpenAI DevDay in 2023, as Sam Altman looks on. (GeekWire File Photo / Todd Bishop)
In mid-January 2023, Nadella texted Altman asking when they planned to activate a paid subscription.
Altman said they were “hoping to be ready by end of jan, but we can be flexible beyond that. the only real reason for rushing it is we are just so out of capacity and delivering a bad user experience.”
He asked Nadella for his input: “any preference on when we do it?”
“Overall getting this in place sooner is best,” the Microsoft CEO responded, in part.
Two weeks later, Nadella checked in again: “Btw …how many subs have you guys added to chatGPT?”
Altman’s answer revealed what they were dealing with. OpenAI had 6 million daily active users — their capacity limit — and had turned away 50 million people who tried to sign up. “Had to delay charging due to legal issues,” he wrote, “but it should go out this coming week.”
ChatGPT Plus launched on Feb. 1, 2023, at $20 a month.
A week earlier, Microsoft made its landmark $10 billion investment in OpenAI. The companies had begun negotiating the previous summer, when OpenAI was still building ChatGPT. The product’s viral success validated Microsoft’s bet and foreshadowed a new era of demand for its cloud platform.
Ten months later, it nearly collapsed.
‘Run over by a truck’
On Friday afternoon, Nov. 17, 2023, OpenAI’s nonprofit board fired Altman as CEO, issuing a terse statement that he had not been “consistently candid in his communications with the board.” Greg Brockman, the company’s president and cofounder, was removed from the board the same day. He quit hours later.
Microsoft, OpenAI’s largest investor, was not consulted. Murati, then OpenAI’s chief technology officer and the board’s choice for interim CEO, called Nadella and Kevin Scott to warn them just 10 to 15 minutes before Altman himself was told.
“Mira sounded like she had been run over by a truck as she tells me,” Scott wrote in an email to colleagues that weekend.
The board — Ilya Sutskever, Tasha McCauley, Helen Toner, and Adam D’Angelo — had informed Murati the night before. They had given her less than 24 hours to prepare.
At noon Pacific time, the board delivered the news to Altman. The blog post went live immediately. An all-hands meeting followed at 2 p.m. By Friday night, Brockman had resigned. So had Jakub Pachocki, OpenAI’s head of research, along with a handful of other researchers.
A “whole horde” of employees, Scott wrote, had reached out to Altman and Brockman “expressing loyalty to them, and saying they will resign.”
Microsoft didn’t have a seat on the board. But text messages between Nadella and Altman, revealed in the latest filings, show just how influential it was in the ultimate outcome.
At 7:42 a.m. Pacific on Saturday, Nov. 18, Nadella texted Altman asking if he was free to talk. Altman replied that he was on a board call.
“Good,” Nadella wrote. “Call when done. I have one idea.”
That evening, at 8:25 p.m., Nadella followed up with a detailed message from Brad Smith, Microsoft’s president and top lawyer. In a matter of hours, the trillion-dollar corporation had turned on a dime, establishing a new subsidiary from scratch — legal work done, papers ready to file as soon as the Washington Secretary of State opened Monday morning.
They called it Microsoft RAI Inc., using the acronym for Responsible Artificial Intelligence.
“We can then capitalize the subsidiary and take all the other steps needed to operationalize this and support Sam in whatever way is needed,” Smith wrote. Microsoft was “ready to go if that’s the direction we need to head.”
Altman’s reply: “kk.”
A screenshot of text messages between Microsoft CEO Satya Nadella and OpenAI CEO Sam Altman following Altman’s ouster in 2023.
The company calculated the cost of absorbing the OpenAI team at roughly $25 billion, Nadella later confirmed in a deposition — enough to match the compensation and unvested equity of employees who had been promised stakes in a company that now seemed on the verge of collapse.
By Sunday, Emmett Shear, the Twitch co-founder, had replaced Murati as interim CEO. That night, when the board still hadn’t reinstated Altman, Nadella announced publicly that Microsoft was prepared to hire the OpenAI CEO and key members of his team.
“In a world of bad choices,” Nadella said in his deposition, the move “was definitely not my preferred thing.” But it was preferable to the alternative, he added. “The worst outcome would have been all these people leave and they go to our competition.”
‘Strong strong no’
On Tuesday, Nov. 21, the outcome was still uncertain. Altman messaged Nadella and Scott that morning, “can we talk soon? have a positive update, ish.” Later, he said the situation looked “reasonably positive” for a five-member board. Shear was talking to the remaining directors.
Nadella asked about the composition, according to the newly public transcript of the message thread, which redacts the names of people who ultimately weren’t chosen.
“Is this Larry Summers and [redacted] and you three? Is that still the plan?”
Summers was confirmed, Altman replied. The other slots were “still up in air.”
Altman asked, “would [redacted] be ok with you?”
“No,” Nadella wrote.
Scott was more emphatic, giving one unnamed person a “strong no,” and following up for emphasis: “Strong strong no.”
The vetting continued, as Nadella and Scott offered suggestions, all of them redacted in the public version of the thread.
A screenshot of text messages from Nov. 21, 2023, included as an exhibit in Elon Musk’s lawsuit, shows Microsoft President Brad Smith and CEO Satya Nadella discussing OpenAI board prospects with Sam Altman following his ouster.
Nadella added Smith to the thread. One candidate, the Microsoft president wrote, was “Solid, thoughtful, calm.” Another was “Incredibly smart, firm, practical, while also a good listener.”
At one point, Scott floated a joke: “I can quit for six months and do it.” He added a grinning emoji and commented, “Ready to be downvoted by Satya on this one, and not really serious.”
Nadella gave that a thumbs down.
The back-and-forth reflected a delicate position. Microsoft had no board seat at OpenAI. Nadella had said publicly that the company didn’t want one. But the texts showed something closer to a shadow veto — a real-time screening of the people who would oversee the nonprofit’s mission.
By evening, a framework emerged. Altman proposed Bret Taylor, Larry Summers, and Adam D’Angelo as the board, with himself restored as CEO. Taylor would handle the investigation into his firing.
Smith raised a concern. “Your future would be decided by Larry [Summers],” he wrote. “He’s smart but so mercurial.” He called it “too risky.” (Summers resigned from the OpenAI board in November 2025, following revelations about his correspondence with Jeffrey Epstein.)
Altman wrote, “id accept it given my conversations with him and where we are right now.” He added, “it’s bullshit but i want to save this … can you guys live with it?”
Nadella asked for Summers’ cell number.
At 2:38 p.m., Altman texted the group: “thank you guys for the partnership and trust. excited to get this all sorted to a long-term configuration you can really depend on.”
Nadella loved the message.
Two minutes later, Smith replied: “Thank you! A tough several days. Let’s build on this and regain momentum.”
Altman loved that one.
Nadella had the last word: “Really looking forward to getting back to building….”
“We are encouraged by the changes to the OpenAI board,” Nadella posted on X. “We believe this is a first essential step on a path to more stable, well-informed, and effective governance.”
The crisis was resolved, but the underlying tensions remained.
‘Project Watershed’
On December 27, 2024, OpenAI announced it would unwind its capped-profit structure. Internally, this initiative was called “Project Watershed,” the documents reveal.
The mechanics played out through 2025. On September 11, Microsoft and OpenAI executed a memorandum of understanding with a 45-day timeline to finalize terms.
Microsoft’s role was straightforward but powerful. Its approval rights over “Major Decisions” including changes to OpenAI’s structure. Asked in a deposition whether those rights covered a recapitalization of OpenAI’s for‑profit entity into a public benefit corporation, Microsoft corporate development executive Michael Wetter testified that they did.
The company had no board seat. “Zero voting rights,” Wetter testified. “We have no role, to be super clear.” But under the 2019 agreement, the conversion couldn’t happen without them.
The timing mattered. A SoftBank-led financing — internally called Project Sakura — was contingent on the recapitalization closing by year-end. Without the conversion, the funding could not proceed. Without Microsoft’s approval, the conversion could not proceed.
Valuation became a key focus of negotiations. Morgan Stanley, working for Microsoft, estimated OpenAI’s value at $122 billion to $177 billion, according to court filings. Goldman Sachs, advising OpenAI, put it at $353 billion. The MOU set Microsoft’s stake at 32.5 percent. By the time the deal closed after the SoftBank round, dilution brought it to 27 percent.
OpenAI’s implied valuation was $500 billion — a record at the time (until it was surpassed in December by Musk’s SpaceX). As Altman put it in his deposition, “That was the willing buyer-willing seller market price, so I won’t argue with it.”
For Microsoft, it was a give-and-take deal: the tech giant lost its right of first refusal on new cloud workloads, even as OpenAI committed to the $250 billion in future Azure purchases.
At the same time, the agreement defused the clause that had loomed over the partnership: under prior terms, a declaration of artificial general intelligence by OpenAI’s board would have cut Microsoft off from future models. Now any such declaration needs to be made by an independent panel, and Microsoft’s IP rights run through 2032 regardless.
The transaction closed on Oct. 28, 2025. The nonprofit remained (renamed the OpenAI Foundation) but as a minority shareholder in the company it had once controlled.
Six days later, OpenAI signed a seven-year, $38 billion infrastructure deal with Amazon Web Services. The company that had “sneaked in there” at the founding, as Nadella put it in 2015, was back — this time as a major cloud provider for Microsoft’s flagship AI partner.
An OpenAI graphic shows its revenue tracking computing consumption.
In a post this weekend, OpenAI CFO Sarah Friar made the shift explicit: “Three years ago, we relied on a single compute provider,” she wrote. “Today, we are working with providers across a diversified ecosystem. That shift gives us resilience and, critically, compute certainty.”
Revenue is up from $2 billion in 2023 to more than $20 billion in 2025. OpenAI is no longer a research lab dependent on Microsoft’s cloud. It’s a platform company with leverage.
In December 2015, Nadella had to ask whether Microsoft had been called to participate in the OpenAI launch. A decade later, nothing could happen without the Redmond tech giant.
Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]
Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Centre’s Azure AD Single Sign-On implementation that enables attackers with local administrator access on a single machine to compromise any other Windows Admin Center-managed system within the same Azure tenant. The flaw, tracked as CVE-2026-20965, stems from improper validation of Proof-of-Possession (PoP) tokens […]
Researchers have discovered VoidLink, a sophisticated new Linux malware framework designed to infiltrate AWS, Google Cloud, and Azure. Learn how this Chinese-affiliated toolkit uses adaptive stealth to stay hidden.
Microsoft’s Copilot Checkout lets users browse and buy products without leaving the chat. (Microsoft Image, click for larger version)
[Editor’s Note: Agents of Transformation is an independent GeekWire series and March 24, 2026 event, underwritten by Accenture, exploring the people, companies, and ideas behind AI agents.]
Microsoft is making its own bid to turn AI conversations into agentic commerce, announcing a new feature called Copilot Checkout that lets users complete purchases directly within its AI chatbot, without being redirected to an external website.
The company is betting that its existing enterprise technology footprint and established relationships with large retailers will give it an edge over OpenAI, Google, and Amazon in winning over merchants wary of giving up control to retail rivals or AI intermediaries.
Kathleen Mitford, Microsoft corporate vice president of global industry marketing. (Microsoft Photo)
“We’ve designed it in such a way that retailers own those relationships with the customers,” said Kathleen Mitford, corporate vice president of global industry marketing at Microsoft. “It is their data, it is their relationship, and that’s something that’s really important to us.”
It’s part of a broader AI rollout by Microsoft at NRF 2026, the retail industry’s annual conference in New York. Microsoft is also launching Brand Agents, pitched as a complete solution for Shopify merchants to add AI assistants to their websites, along with new AI tools to assist store employees and help retailers enhance their online product listings and metadata.
Copilot Checkout works by surfacing products from partner retailers within Copilot search results. Purchases can be completed without leaving the conversation. Microsoft says the retailer remains the merchant of record, handling fulfillment and customer service.
But will people buy in chat?
The bigger question for the tech industry is whether chat-based commerce is actually the next big thing. Forrester analyst Sucharita Kodali, for example, previously told GeekWire that “e-commerce isn’t a problem that needs to be fixed.” She added that it’s unclear what value chat-based commerce is bringing to retailers, “other than disintermediating Google.”
Microsoft’s Mitford offered a different take in an interview this week, saying that consumer behavior is shifting faster than it may seem. She drew a parallel to how quickly businesses moved from experimenting with AI to putting it into operation over the past year.
“I see the same thing happening with consumers … it just takes a little bit of time,” Mitford said, predicting that the speed of consumer adoption will eventually match the rapid uptake seen in the business world.
Copilot Checkout is rolling out now in the U.S. on Copilot.com, with PayPal, Shopify, and Stripe handling payment processing. Etsy sellers will be among the first available on the platform. Shopify merchants are set to be automatically enrolled following an opt-out window.
That last detail is notable given the backlash Amazon has faced over its “Buy for Me” feature, where brands complained about being included without consent and seeing inaccurate listings.
Microsoft’s approach is more tightly connected to its partners — the company said Shopify will management the opt-out process for its merchants — but automatic enrollment seems to raise the potential for some of the same concerns. (We’ve contacted Shopify for more information.)
The competitive landscape
More broadly, Microsoft is playing catch-up on the consumer side.
OpenAI launched Instant Checkout in ChatGPT last September, partnering with Shopify and Stripe to let users buy from more than a million merchants. Google followed in November with its own “Buy for Me” feature which lets its Gemini assistant purchase products on a user’s behalf.
Despite its inroads with businesses, Copilot has a fraction of ChatGPT’s market share with consumers. Recent data from Similarweb’s Global AI Tracker showed ChatGPT with about 68% of AI chatbot web traffic, with Google Gemini at 18% and Copilot in the single digits.
But Microsoft has its advantages: Unlike Amazon and Google, which compete directly with retailers through their own marketplaces, it isn’t a retailer. And retail has long been a major vertical for its enterprise cloud and software business, with large chains running on Azure and Microsoft 365.
Mitford said Microsoft is leaning on its existing trust and long-standing relationships with retailers, along with a commitment to responsible AI, to help differentiate itself from rivals.
Microsoft is making the broader case for AI to retailers based on return on investment. A Microsoft-commissioned study from IDC, released in November, found that retail and consumer packaged goods companies are seeing a 2.7x return on every dollar spent on generative AI.
Mitford, a former fashion designer who has been in the technology industry for most of her career, said she sees the retail sector among the leaders in AI uptake across the business world.
The technology, she said, is being “adopted at a pace that I’ve never seen.”
Microsoft’s logo on the company’s Redmond campus. (GeekWire File Photo)
Two human rights proposals at Microsoft’s annual shareholder meeting drew support from more than a quarter of voting shares — far more than any other outside proposals this year.
The results, disclosed Monday in a regulatory filing, come amid broader scrutiny of the company’s business dealings in geopolitical hotspots. The proposals followed a summer of criticism and protests over the use of Microsoft technology by the Israeli military.
The filing shows the vote totals for six outside shareholder proposals that were considered at the Dec. 5 meeting. Microsoft had announced shortly after the meeting that shareholders rejected all outside proposals, but the numbers had not previously been disclosed.
According to the filing, two proposals received outsized support:
Proposal 8, filed by an individual shareholder, called for a report on Microsoft’s data center expansion in Saudi Arabia and nations with similar human rights records. It asked the company to evaluate the risk that its technology could be used for state surveillance or repression, and received more than 27% support.
Proposal 9, seeking an assessment of Microsoft’s human rights due diligence efforts, won more than 26% of votes. The measure called for Microsoft to assess the effectiveness of its processes in preventing customer misuse of its AI and cloud products in ways that violate human rights or international humanitarian law.
Proposal 9 had received support from proxy advisor Institutional Shareholder Services — a rare endorsement for a first-time filing. Proxy advisor Glass Lewis recommended against it.
The measure attracted 58 co-filers and sparked opposing campaigns. JLens, an investment advisor affiliated with the Anti-Defamation League, said Proposal 9 was aligned with the Boycott, Divestment and Sanctions movement, which pressures companies to cut ties with Israel. Ekō, an advocacy group that backed the proposal, said the vote demonstrated growing concerns about Microsoft’s contracts with the Israeli military.
In September, Microsoft cut off an Israeli military intelligence unit’s access to some Azure services after finding evidence supporting a Guardian report in August that the technology was being used for surveillance of Palestinian civilians.
Microsoft’s board recommended shareholders vote against all six outside proposals at the Dec. 5 annual meeting. Here’s how the other four proposals fared:
Proposals 5 and 6, focused on censorship risks from European security partnerships and AI content moderation, drew less than 1% support.
Proposal 7, which asked for more transparency and oversight on how Microsoft uses customer data to train and operate its AI systems, topped 13% support.
Proposal 10, calling for a report on climate and transition risks tied to AI and machine‑learning tools used by oil and gas companies, received 8.75%.
On a cold winter’s day in December 1995, Microsoft co-founder Bill Gates shook the tech world with plans to embed internet connectivity into all of Microsoft’s major products, making headlines across the country. Click to enlarge. (GeekWire Graphic / Geof Wheelwright)
December 7 carries historical weight well beyond the tech world, but for those who covered Microsoft in the ’90s, the date has another resonance. Thirty years ago today, Bill Gates gathered more than 200 journalists and analysts at Seattle Center to declare that the company was going “all-in” on the internet.
As managing editor for Microsoft Magazine at the time, I was there, and I remember it well. Three decades later, I can’t help but see the parallels to Microsoft’s current AI push.
The moves that Microsoft kicked off that day to build internet connectivity into all its products would reverberate throughout the next decade, helping to lay the foundation for the dot-com boom years and arguably the eventual rise of cloud computing.
The release of Internet Explorer 2.0 as a free, bundled browser, the internet-enablement of Microsoft Office, the complete revamping of the still-new MSN online service, Microsoft’s licensing of Java from Sun Microsystems and a focus on how the internet might be used commercially were all pieces of the Microsoft plan unveiled that day.
Internet Explorer 2 was a modest, but ambitious, part of Microsoft’s 1995 internet enablement strategy. (GeekWire Screenshot / Geof Wheelwright)
“The internet is the primary driver of all new work we are doing throughout the product line,” Bill Gates told the assembled technology press in 1995. “We are hard core about the internet.”
Substitute the word “AI” for “internet” and you have a statement that current Microsoft CEO Satya Nadella could have made at any moment in the last couple of years.
“Fifty years after our founding, Microsoft is once again at the heart of a generational moment in technology as we find ourselves in the midst of the AI platform shift,” Nadella wrote in his 2025 annual letter to shareholders. “More than any transformation before it, this generation of AI is radically changing every layer of the tech stack, and we are changing with it.”
Whether you are using the Microsoft Azure cloud platform; running a Windows 11 PC, tablet, or laptop; spending time on LinkedIn; or using Microsoft 365, you will find AI baked in.
Comparing then and now, there are insights in both the similarities and the differences, and lessons from Microsoft’s mid-’90s missteps and successes that are still relevant today.
What’s the same?
The challenge of navigating the shift to a new generation of technology in a large, fast-moving company is the biggest similarity between now and 30 years ago.
Bill Gates launches Windows 95 in August 1995, just four months before the company’s massive internet pivot. (Microsoft Photo)
Microsoft was a lot smaller in 1995, but it was still the dominant force in the software industry of its day. When the company launched Windows 95 in August of 1995, it came with the first versions of both Internet Explorer and MSN. Within four months, it had to ship new, better versions of those products alongside a whole lot of other changes.
The push for speedy change grew out of something the company had been telling its senior leaders for several months prior to the launch of Windows 95: It had to move fast and do more if it was going to catch up in a race that it couldn’t afford to lose.
Gates’ famous “internet tidal wave” memo from May 26, 1995 (which later became an antitrust exhibit) spelled out both the threat and opportunity — calling the internet “the most important single development to come along since the IBM PC was introduced in 1981.”
Later in the memo, Gates acknowledged a significant problem: Microsoft would have to explain why publishers and internet users should use MSN instead of just setting up their own website — and he admitted that the company didn’t have a great answer.
Fast forward to March 2023, a few months after Microsoft partner OpenAI launched ChatGPT, when Satya Nadella made the scale of the AI era clear in a speech on the future of work.
“Today is the start of the next step in this journey, with powerful foundation models and capable copilots accessible via the most universal interface: natural language,” Nadella said. “This will radically transform how computers help us think, plan, and act.”
Of course, Microsoft CEOs have learned a lot over the last 30 years, including the importance of not pointing out the company’s shortcomings in memos that could end up being seen by the rest of the world. Nadella offered nothing like Gates’ MSN admission. But his comments about the size of the AI challenge and opportunity were a direct parallel to the urgency that Gates expressed about the internet 30 years ago.
What’s different?
In the world of PC operating systems and software, Microsoft in the 1990s was king — with few competitors that came even close to the kind of market share it enjoyed. It was arguably late in making a bet-the-company pivot to the internet, but doing so from a very strong position.
Thirty years later, amid the rise of artificial intelligence, Amazon, Google, Nvidia, OpenAI, and Anthropic are part of a more complex network of competitors and partners.
Back in 1995, the big competition was perceived as coming from Netscape and other fast-moving internet startups — and Microsoft was the behemoth battling the insurgents.
The New York Times’ headline about the 1995 event summed up the framing: “Microsoft Seeks Internet Market; Netscape Slides.” As The Seattle Times put it, “Microsoft plays hardball — Game plan for the Internet: Crush the competition.” Many others echoed the theme.
The Seattle Times’ coverage of Microsoft’s internet pivot captured the competitive themes of the day. (Click to enlarge)
I saw that competitive dynamic first-hand at the press event, when by a stroke of luck I ended up sitting beside Bill Gates at lunch. I recall him being a little annoyed by questions about the Java licensing deal with Sun and the broader press interest in the Netscape/Microsoft narrative. He wanted to focus on the broader impact of the day’s announcements.
He stressed, for example, that the licensing by Microsoft of Sun’s Java programming language for use with Microsoft’s Internet Explorer browser was not really a big deal.
“Java you can recreate trivially,” Gates told me, brushing off the licensing deal as a routine business decision, not much different than many others Microsoft made over the years.
The scale is also drastically different. For example, my January 1996 cover story for Microsoft Magazine quoted Gates explaining how the “150 million users of Windows” would benefit from the internet integration it was undertaking across 20 new products and technologies.
In today’s terms, those numbers look tiny. In a blog post earlier this year, Microsoft executive vice president Yusuf Mehdi said Windows now powers more than 1.4 billion monthly active devices. That doesn’t include Microsoft’s massive cloud computing business, Microsoft 365, LinkedIn, Xbox, and its already-significant AI-attributable revenue from Copilot.
The investment gap is more dramatic, even adjusted for inflation. Microsoft poured more than $88 billion into capital expenditures last fiscal year, much of it on AI infrastructure. In 1995, the company’s $220 million deal with NBC to launch MSNBC sounded like a lot of money.
That MSNBC deal, however, highlights another important contrast between the present and the past. In 1995, no one really knew where the internet (and the web) was going to go. Fortunes were made and lost trying to predict which business models would work online.
Tim Bajarin, CEO of the consultancy Creative Strategies and a longtime industry analyst, says Microsoft is better positioned now than it was in 1995. The difference: we already have the underlying architecture for useful AI applications. That wasn’t true with the internet back then.
“We didn’t see the value proposition until we saw the role of applications built on a web-based architecture,” Bajarin said. “That is what is significantly different.”
Lessons for today
Microsoft’s AI push, Bajarin said, will succeed only if it delivers genuine value — implementations that solve real problems and show clear return on investment.
Recent headlines suggest not everyone is convinced. ‘No one asked for this’: Microsoft’s Copilot AI push sparks social media backlash, declared Germany’s PC-WELT magazine. It’s the same question Gates couldn’t answer about MSN in 1995: Why should anyone use this?
Microsoft CEO Satya Nadella speaks at the company’s 50th anniversary event. (GeekWire File Photo / Kevin Lisota)
Perhaps the biggest lesson on the competition front is that there is no guarantee of longevity or relevance in tech. Only one of the competitors listed in the December 1995 New York Times story is still around – IBM – and it is a vastly different company than it was then.
There is one more lesson, about the cost of success. Microsoft’s aggressive internet push worked — but it also triggered a Department of Justice investigation that lasted from 1998 to 2001. Competing hard is essential. Competing too hard has consequences.
AzureStrike is a red team toolkit for attacking Azure Active Directory, enabling reconnaissance, credential abuse, and persistence in cloud environments.
Minimizing who can access your data and when is one of the cornerstones of cybersecurity as it helps to decrease the chance of sensitive information falling into the hands of a malicious actor. It also protects data against being accidentally viewed (or even inadvertently leaked!) by an authorized user.
Because privileged user accounts hold higher levels of access than other user accounts, they need to be monitored more closely. PIM is a service in Azure Active Directory that allows you to restrict access in a variety of cool ways, from making it time-bound to implementing just-in-time access.
In her exploration of Privileged Identity Management in Azure Active Directory, Paula covers:
Assigning roles
Adding assignments
Giving global administrative rights to a user
Configuring limited time access that expires after a specified time
How to activate a role and monitor it using Assigned Admins
Holiday time is approaching and we know that everyone loves to receive gifts! Especially at CQURE, the idea of sharing is close to us and we would like to invite you to our Great Racoon Giveaway Contest, where you will get a chance to win $3920-worth voucher for any of CQURE Academy Live Courses!
Please click on the below banner to find out more about the contest:
Identity Protection is a security feature in Azure Active Directory that helps to prevent, detect, and remediate identity risk in an organization. Using multiple detections, it monitors every login for identity compromise, sorting sign-ins into three categories of risk: low, medium, and high.
These risk ratings can be used to create automated user risk policies that balance employee productivity with corporate security. For example, multi-factor authentication can be set as a requirement for a sign-in that is high-risk.
Join Paula as she reviews the different policies in Azure’s Identity Protection (User Risk, Sign-in Risk, and MFA Registration) and explains how to:
Select which users you want to include in the policy
Exclude specific users (such as your ‘break-glass’ account so that you cannot be accidentally logged out of Azure Active Directory)
Specify risk levels as high, medium, or low in the User Risk section
Block access or allow access but require a password change in the Access section
Activate and enforce a policy that you have set up and configured
Paula shows how to monitor your organization for risky users and risky sign-ins in the Report section of Azure’s Identity Protection dashboard and takes you through how to delete the conditional access policies you create.
Discover what happens when a log-in to an organization’s Microsoft Office portal from a Tor browser is flagged as “something strange” by Azure AD’s Identity Protection. You’ll also learn how to mark identity as compromised if, for example, sign-ins have been made in two completely different locations using that identity.
Paula covers identity security from the perspectives of both the administrator and the user, giving a clear view of the steps an employee must take when their account has been identified as risky.
With this identity security lesson under your belt, you’ll be able to intelligently react to potentially dangerous situations. Take a stroll around the CQURE Academy blog now for more Azure Active Directory security tips including ‘8 things to avoid’ in Azure AD.
Holiday time is approaching and we know that everyone loves to receive gifts! Especially at CQURE, the idea of sharing is close to us and we would like to invite you to our Great Racoon Giveaway Contest, where you will get a chance to win $3920-worth voucher for any of CQURE Academy Live Courses!
Please click on the below banner to find out more about the contest:
Regulating access to your company’s files, systems, and applications cuts the risk of your data falling into the hands of hackers, threat actors and thieves.
While standard privilege management stops at ID-based authentication, conditional access in Azure Active Directory gives greater flexibility and control by allowing remote connections only when certain conditions are met.
Using conditional access, an administrator can regulate access by user location, device type, the kind of application or file being used and more. To achieve this, the administrator creates an Azure Active Directory security policy that specifies which condition(s) must be met for access to be allowed.
In this back-to-basics CQURE Hacks episode, Paula J demonstrates how to create secure conditional access policies and monitor access in the Azure Active Directory.
>>> Controlling access by a user’s IP address
o Add the IP range’s location
o Define the range to be assigned to the policy
o Name the policy e.g., ‘Corporate IP range’
o Specify the trusted IP addresses related to the location
>>> Controlling access by the kind of user or group, e.g., corporate only
o Create a new policy
o In conditions, specify login from corporate IP addresses
o Exclude sign-ins from other users and groups
>>> Controlling access by location
o A demonstration using the United States and Poland as examples
>>> Creating emergency access accounts known as “break glass accounts” to prevent yourself being accidentally locked out of your Azure Active Directory
>>> More ways to regulate access
o Blocking access
o Enforcing multifactor authentication
o Session controls
>>> Final steps
o Turning on policies
o Testing polices
o Monitoring user access via the dashboard
After you’ve set up conditional access in Azure Directory, browse our blog to discover more clever ways to secure your data.
Cybercriminals can decrypt user passwords and compromise administrator accounts by hacking into Azure AD Connect, the service that synchronizes Azure AD with Windows AD servers. Once inside the system, the attackers can exfiltrate and encrypt an organization’s most sensitive data.
Azure AD users often overlook crucial steps, such as implementing multi-factor authentication for all users joining the Active Directory with a device. Failure to require MFA makes it easier for an attacker to join a malicious device to an organization using the credentials of a compromised account.
Increased security risk isn’t the only consequence of a poorly set up AD. Misconfigurations can cause process bottlenecks leading to poor performance. The following guide was created by CQURE’s cybersecurity expert – Michael Graffneter specialized in securing Azure Active Directory, to help you detect and remedy some of the most common Azure AD misconfiguration mistakes.
8 Things to Avoid In Azure Active Directory
1. Production Tenants Used for Tests
During security assessments, we often see production tenants being used by developers for testing their “Hello World” apps. We recommend that companies have standalone tenants for testing new apps and settings. Needless to say, the amount of PII accessible through such tenants should be minimized.
2. Overpopulated Global Admins
User accounts that are assigned the Global Admin’s role have unlimited control over your Azure AD tenant and in many cases also over your on-prem AD forest. Consider using less privileged roles to delegate permissions. As an example, security auditors should be fine with the Security Reader or Global Reader role.
3. Not Enforcing MFA
Company administrators tend to create “temporary” MFA exclusions for selected accounts and then forget about them, making them permanent. And due to misconfigurations, trusted IP address ranges sometimes include guest WiFi networks. Even with the free tier of Azure AD, one can use Security defaults to enable multi-factor authentication for all users. And users assigned the Global Administrator role can be configured to use multi-factor authentication at all times.
4. Overprivileged Applications
Many applications registered in Azure AD are assigned much stronger privileges than they actually require. It is also not obvious that app owners can impersonate their applications, which sometimes leads to privilege escalation. Registered applications and service principals should be regularly audited, as they can be used by malicious actors as persistent backdoors to the tenant.
5. Fire-and-Forget Approach to Configuration
Azure AD is constantly evolving and new security features are introduced regularly. But many of these newly added features need to be enabled and configured before they can be used, including the super-cool passwordless authentication methods. Azure AD deployment should therefore not be considered a one-time operation but rather a continuous process.
6. Insecure Azure AD Connect Servers
Azure AD Connect servers are used to synchronize Azure AD with on-premises AD, for which they need permissions to perform modifications in both environments. This fact is well-known to hackers, who might misuse AAD Connect to compromise the entire organization. These servers should therefore be considered Tier 0 resources and only Domain Admins should have administrative rights on them.
7. Lack of Monitoring
Even with an Azure AD Premium plan, user activity logs are only stored for 30 days. Is this default behavior really enough for your organization? Luckily, custom retention policies can be configured when Azure AD logs are forwarded to the Azure Log Analytics service, to the Unified Audit Log feature of Microsoft 365, or to 3rd-party SIEM solutions. And components like Azure AD Identity Protection or Azure Sentinel can automatically detect anomalies in user activity.
8. Default Settings
Not all default settings provide the highest security possible. Users can register 3rd party applications in Azure AD, passwordless authentication methods are disabled and ADFS endpoints with NTLM authentication that bypasses the Extranet Smart Lockout feature are published on proxies. These and other settings should be reviewed during Azure AD deployment and adjusted to fit organizational security policies.
Azure AD is a critical attack surface that needs continuous monitoring for misconfigurations. We hope this guide makes managing the security of your AD easier by helping you to detect and resolve vulnerabilities.
Synack Joins the Microsoft Intelligent Security Association (MISA)
Synack has recently joined the Microsoft Intelligent Security Association (MISA) and integrated with Microsoft Sentinel. This means that Microsoft Sentinel users can now easily access Synack’s global team of security experts for on demand testing of cloud assets. MISA is an ecosystem of independent software vendors and managed security providers who integrate their security solutions with Microsoft platforms and technology to increase visibility and minimize threats.
This announcement is only one component of this growing partnership and is a testament to the commitment both Synack and Microsoft have to providing flexible and scalable security solutions. Extending Microsoft’s security capabilities through partnerships and integrations like that with Synack, reduce cost and complexity for enterprises looking for end-to-end cloud security solutions.
Synack Helps Secure Microsoft Azure Hybrid Clouds
Keeping your hybrid cloud safe and secure from cyber criminals is a daunting task. Hackers are constantly searching for vulnerabilities in your cloud that they can exploit to gain access. You need to be constantly vigilant and discover and resolve all the vulnerabilities in your system while they only need to find one to be successful in penetrating it to perpetrate their cybercrime activities.
To help you more effectively protect your network from cybercriminals, Synack is now providing integrations to two key Microsoft cloud security solutions: Microsoft Defender for Cloud and Microsoft Sentinel. Additionally, new cloud-oriented services are available through Synack Campaigns, which provide on-demand access to members of the Synack Red Team for completing targeted security objectives.
Synack Provides Critical Information for Remediation of Exploitable Vulnerabilities
Microsoft Sentinel and Microsoft Defender for Cloud play a significant role in improving security operations. Microsoft Defender for Cloud provides recommendations, alerts and diagnostics to Microsoft Sentinel to provide better analytics and incident response. Microsoft Sentinel provides an overall picture of what is happening in your network taking in data from multiple sources to give security analysts a powerful tool to detect and respond to cyberattacks. Together these two solutions help provide seamless and effective security operations.
But there is a critical piece missing in this security view. You need to be able to validate misconfigurations and create attack vectors to search for and report exploitable vulnerabilities at the network layer as well as internally in your cloud. Synack, the premier security testing platform powered by the most skilled and trusted community of global security researchers provide continuous penetration testing and vulnerability discovery with actionable data and report the results to Microsoft Defender for Cloud and Microsoft Sentinel where the vulnerabilities can be investigated, analyzed, and resolved. You can run a one-time assessment, or sign up for continuous testing of your system.
View Synack Vulnerability Assessment Results in Microsoft Defender for Cloud and Microsoft Sentinel
When it comes to exploitable vulnerabilities in your cloud, time-to–resolution is critical. Synack’s new integrations to Microsoft Defender for Cloud and Microsoft Sentinel automatically sync the results of Synack vulnerability assessments to those security solutions to help decrease time-to-resolution. There is no need for human intervention or cumbersome transfer of information. You have all your vulnerability information in one place in screens that your security teams are used to working with.
Automatically Create Vulnerability Entries in Defender for Cloud
With Synack’s new integration to Microsoft Defender for Cloud, customers can create a Synack Vulnerabilities custom workbook in Defender for Cloud. The Microsoft Defender for Cloud workbook displays the exploitable vulnerabilities discovered in the Synack vulnerability assessment along with a severity status and scoring. The data syncs automatically from the Synack Client Portal directly to Microsoft Defender for Cloud.
Automatically Create Incidents in Microsoft Sentinel
Similarly, Synack’s new integration to Microsoft Sentinel synchronizes vulnerability data from your Synack account to Microsoft Sentinel for further management and remediation. It automatically creates an incident in Microsoft Sentinel for each vulnerability and keeps the incident up-to-date with the latest changes in the vulnerability.
A Holistic View of Your Cloud Security
Syncing vulnerability results from Synack to Microsoft Defender for Cloud and Microsoft Sentinel puts all of your vulnerability information in one place in a format that Microsoft Azure users are accustomed to seeing. There’s no need to log into another tool or become familiar with another report format in order for security engineers and managers to determine the health and security of their networks. Security teams can take appropriate action and update vulnerability status right in the Microsoft tool.
This capability becomes even more critical as Synack continues to expand its Microsoft Azure-specific testing portfolio, including continuous testing for Microsoft Azure and the Microsoft Azure Security Benchmark Campaign.
You can choose the sync cadence, and you can visualize your vulnerability data using Microsoft Defender for Cloud’s graphs and charts. You’ll get a high-level overview of vulnerability information, such as status, and can track these changes over time. For any assessment, you can see the associated vulnerabilities, and for more detailed information, you can link directly to the full vulnerability info provided in the Synack Client Portal. Any new vulnerabilities will automatically sync and populate into Defender for Cloud and newly discovered vulnerabilities will automatically sync and populate incidents into Microsoft Sentinel where they become part of a holistic security view. Executives or anyone else who wants to see this vulnerability or incident information can do so in Microsoft Azure display screens.
Integration Is Easy
Synack provides the custom Microsoft Azure Workbook with Synack Vulnerabilities data within your Microsoft Defender for Cloud. A backend application hosted on Synack premises provides a Custom Endpoint for the Workbook. Synack provides the default template for the Synack Vulnerabilities workbook. You can further modify the looks of your workbook, or use the endpoint to create new workbooks. It’s up to you how you want to view and manage the exploitable vulnerabilities.
Synack makes the integration easy. All you need to do is create a Synack API token and then deploy the Synack Workbook ARM template to Microsoft Defender of Cloud. After that you can access your workbook in Microsoft Defender for Cloud. Each time Synack performs a vulnerability assessment, the results will be displayed in the Microsoft Defender for Cloud workbook.
For Microsoft Sentinel, Synack provides a data connector to synchronize the vulnerability data from your Synack account. The data synchronization is performed by a Microsoft Azure Function that uses both Synack and Microsoft Sentinel APIs to pull the Synack data over to Microsoft Sentinel. Once you deploy the data connector you will start seeing new incidents in Microsoft Sentinel created from the Synack vulnerabilities. If the status of a Synack vulnerability changes, the status of the corresponding Microsoft Sentinel incident will be updated accordingly.
Now You Have a Holistic View of Your Network Security Posture
To help reduce time-to-resolution, Synack’s integrations to Microsoft Defender for Cloud and Microsoft Sentinel give you a holistic view of your network’s health and security posture encompassing all your exploitable vulnerability information, including the results of Synack penetration testing, in one place in familiar Azure screens.
On-demand Testing for Cloud Configuration with Synack Campaigns
Synack Campaigns provide on-demand access to the Synack Red Team for completion of targeted security tasks, augmenting internal teams while solving for the cybersecurity talent gap. The Azure Security Benchmark Infrastructure Campaign provides Synack researcher testing against Azure security controls. This Campaign will utilize a researcher with the right skills to provide a true adversarial perspective against your Azure services, and will validate your ASB status seen in Microsoft Defender for cloud.
For information on Synack’s partnership with Microsoft, learn more here.
Synack works with Microsoft to provide a one-stop shop for Microsoft Azure-based cloud security.
Microsoft Azure comes equipped with all the right security controls, but effective deployment and management of these controls is an ongoing process, driven by evolution and risk tolerance . Proper implementation of cloud rollouts and ongoing maintenance can be a challenge, even for large organizations, leading to a lack of protections such as least privilege for access controls. And attacks on the cloud appear to be growing. Verizon’s 2021 Data Breach Investigations Report found that “external cloud assets were more common than on-premises assets in both incidents and breaches.”
Security teams are left responsible for not only securing cloud assets, but also for ongoing cyber hygiene training and developing common sense policies to protect an organization’s assets. It can be an overwhelming task. Based on an increase in cloud misconfiguration vulnerabilities reported by the Synack Red Team in 2020, it is clear the existing solutions and frameworks are fragmented—leaving ample room for malicious exploits.
But now, finally, there is a better way!
By combining the power of Synack, the premier crowdsourced platform for on-demand security expertise, with Microsoft’s Azure Security Modernization (ASM) solution, enterprise and government organizations now have a scalable solution for cloud security planning, management, and improvement.
Per a Microsoft Blog Post from earlier this year, Microsoft Azure applications and infrastructure deployments have grown at leaps and bounds for nearly 20 years. In parallel, Microsoft has emerged as a cybersecurity leader—recently announcing a whopping $10 billion in revenue for its security business over the past 12 months. This represents more than 40 percent year-over-year growth (Vasu Jakkal, 2021). Microsoft security experts have deployed Microsoft services and solutions to secure 400,000 customers across 120 countries, including 90 of the Fortune 100. Integrations such as the one with Synack amplify Microsoft’s ability to continue to grow and innovate across all types of organizations.
Microsoft ASM solution helps its clients stay ahead of adversaries. It deploys a Microsoft Azure-centric, continuous approach to security (see chart below), led by Microsoft security experts, and powered by the Synack Platform. ASM includes a four-phase continuous security model: Plan, Develop, Deliver, and Measure which programs, implements, and tests Microsoft Azure security requirements and controls.
Synack’s unique combination of a continuous, crowdsourced platform and smart vulnerability detection technology makes the discovery of security vulnerabilities easy, fast, and actionable! Synack-found vulnerabilities are reported and fed into ASM’s “Measure” phase to enable future “Planning” phases with real-world security testing data. Synack’s controlled and 24/7 testing, alongside its Azure integrations, ensures the changing boundaries and assets of today’s dynamic environments are tested safely and comprehensively.
“Thanks to our integration with Synack, we can now go beyond reviewing security configurations against recommended practices to include real time scanning of an environment against known security vulnerabilities. This allows us to help our customers further reduce risk by having a more comprehensive and tailored remediation plan fit to their needs.” says Heath Aubin, Director of Business Program Management, Security Strategy and Solutions at Microsoft Corp.
Synack’s cloud integrations allow for quick deployment of a variety of pentesting methodologies within a Microsoft Azure environment based on an organization’s goals and requirements. The first is open vulnerability discovery to uncover and report exploitable issues within a Microsoft Azure environment. The second includes targeted, offensive assessments aligned to the Microsoft Azure Security Benchmark.
Synack designed these targeted tests alongside the ASM Solution Owners for an on-demand mechanism to quickly highlight areas of weakness within a Microsoft Azure environment.
Leveraging the integration between Synack and ASM customers can experience a comprehensive testing and mitigation sequence to support compliance, asset management and planning, and expert level insight into the security of their Azure assets.
Login
