No bulky books, just short cut Questions of MS-700 exam

killexams.com MS-700 test questions involves a Comprehensive Pool of MS-700 Issues and Answers having boot camp validated and approved along with personal references and explanations. Each of our objectives to train the MS-700 Questions and even Answers is not merely to pass typically the MS-700 test at typically the first attempt although Really Improve Your current Knowledge about typically the MS-700 test subjects.

Exam Code: MS-700 Practice exam 2022 by Killexams.com team
MS-700 Managing Microsoft Teams

EXAM ID : MS-700
EXAM NAME : Managing Microsoft Teams

The Microsoft Teams Administrator configures, deploys, and manages Office 365 workloads for Microsoft Teams that focus on efficient and effective collaboration and communication in an enterprise environment.

The Teams Administrator must be able to plan, deploy, and manage Teams chat, apps, channels, meetings, audio conferencing, live events, and calling. The Teams Administrator is also responsible for upgrading from Skype for Business to Teams. Candidates for this exam should be proficient at managing Teams settings by using PowerShell. The Teams Administrator has a fundamental understanding of integration points with apps and services, including but not limited to SharePoint, OneDrive, Exchange, Azure AD, and Office 365 Groups. The Teams Administrator understands how to integrate external apps and services.

The Teams Administrator collaborates with Telephony engineers to integrate advanced voice features into Microsoft Teams. This role is not responsible for configuring direct routing, configuring call routing, or integrating telephony. The Teams Administrator may work with other workload administrator roles, including security and compliance, messaging, networking, identity, and devices.

- Plan and configure a Microsoft Teams environment (45-50%)
- Manage chat, calling, and meetings (30-35%)
- Manage Teams and app policies (20-25%)

Plan and configure a Microsoft Teams environment (45-50%)
Upgrade from Skype for Business to Microsoft Teams
 choose an appropriate upgrade path and coexistence mode to meet specific requirements
 plan and troubleshoot meeting migration
 configure Microsoft Teams upgrade notification and meeting app preferences
 configure coexistence mode for the organization and per-user
 use Teams Advisor to assess and identify steps to roll out Microsoft Teams
Plan and configure network settings for Microsoft Teams
 plan for successful network deployment by using Network Planner
 calculate network bandwidth capacity for Microsoft Teams voice, video, meetings and Live Events
 assess network readiness by using the Network Testing Companion
 configure network ports and protocols used by Microsoft Teams client application
 configure media optimizations by using QoS
 configure and manage locations including reporting labels, emergency addresses, and network topology, and networks & locations
Implement governance and lifecycle management for Microsoft Teams
 create and manage team templates
 set up policies for Microsoft 365 group creation
 configure Microsoft 365 groups, expiration policy, and naming policy
 archive, unarchive, delete, and restore a team
 configure and manage update policies
Configure and manage guest access
 configure guest users for Microsoft Teams
 configure guest permissions for a team
 configure meeting and live events experiences for guests
 configure messaging and calling options for guests
 remove guests
 manage Azure AD access review for guests
 configure guest access from Azure AD portal
Manage security and compliance
 assign Microsoft Teams Admin roles
 create and manage compliance features, including retention policies, sensitivity labels, and data loss prevention (DLP) policies
 create security and compliance alerts for Microsoft Teams
 create an information barrier policy
 interpret security reports for Microsoft Teams
Deploy and manage Microsoft Teams endpoints
 deploy Microsoft Teams clients to devices, including Windows, VDI (Virtual Desktop), Windows Virtual Desktop (WVD), MacOS, and mobile devices
 manage configuration profiles
 manage Microsoft Teams device tags
 manage device settings and firmware
 configure Microsoft Teams Rooms
Monitor and analyze service usage
 interpret Microsoft Teams usage reports
 interpret Microsoft 365 usage reports
 optimize call quality by using Call Analytics
 analyze organization-wide call quality by using Call Quality Dashboard
 use Power BI to identify call quality issues

Manage Chat, Calling, and Meetings (30-35%)
Manage chat and collaboration experiences
 configure messaging policies
 manage external access
 manage channels for a team
 manage private channel creation
 manage email integration
 configure external access for SharePoint and OneDrive for Business
 manage cloud file storage options for collaboration
Manage meeting experiences
 configure meeting settings
 create and manage meeting policies
 configure settings for live events
 create and manage policies for live events
 configure conference bridge settings
Manage phone numbers
 recommend a PSTN connectivity solution based on specific business requirements
 order phone numbers
 manage service numbers
 add, change, or remove an emergency address for your organization
 assign, change, or remove a phone number for a user
 manage voice and audio conferencing settings for users
 configure dynamic emergency policies
Manage Phone System
 manage resource accounts
 create and configure call queues
 create and configure auto attendants
 manage call park policies
 manage calling policies
 manage caller ID policies
 interpret the Direct Routing health dashboard

Manage Teams and app policies (20-25%)
Manage a team
 create a team
 upgrade an existing resource to a team
 manage privacy levels for a team
 manage org-wide teams
 customize and apply policy packages
Manage membership in a team
 manage users in a team
 configure dynamic membership
 manage access review for team members
Implement policies for Microsoft Teams apps
 manage Org-wide app settings
 create and manage app permission policies
 create and manage app setup policies
 manage apps store customization

Managing Microsoft Teams
Microsoft Microsoft Questions and Answers
Killexams : Microsoft Microsoft Dumps - BingNews https://killexams.com/pass4sure/exam-detail/MS-700 Search results Killexams : Microsoft Microsoft Dumps - BingNews https://killexams.com/pass4sure/exam-detail/MS-700 https://killexams.com/exam_list/Microsoft Killexams : Microsoft Authenticator App for Apple Watch to Be Discontinued in January

Microsoft Authenticator for iOS will drop support for the Apple Watch companion app from January 2023, the company has revealed.

Microsoft Authenticator
Used principally for signing into Microsoft accounts with two-step verification enabled, the Microsoft Authenticator for iOS gained an Apple Watch companion app in 2018.

The watch app supports Microsoft personal, work, and school accounts that are set up with push notifications and lets users bypass the need to pick up their iPhone at all to complete the authentication process.

However, this functionality is being removed at the beginning of next year. Microsoft documented the change to the iOS app in an updated FAQ webpage. In answer to the question "Is Apple Watch supported for Authenticator on iOS?" Microsoft gives the following reply:

In the upcoming Authenticator release in January 2023 for iOS, there will be no companion app for watchOS due to it being incompatible with Authenticator security features. This means you won't be able to install or use Authenticator on Apple Watch. We therefore recommend that you delete Authenticator from your Apple Watch. This change only impacts Apple Watch, so you will still be able to use Authenticator on your other devices.

Microsoft did not specify which security features the watchOS app is incompatible with going forward, and instead simply directs users to the ‌iPhone‌ or iPad app to authenticate login attempts.

The Microsoft Authenticator app for Apple Watch joins a long list of abandoned third-party watchOS apps that have been discontinued over the last few years, either because of perceived redundancy or lack of user uptake. Other notable Apple Watch apps that have got the chop include Twitter, Instagram, Target, Trello, Slack, Hulu, and Uber.

Mon, 12 Dec 2022 21:48:00 -0600 en text/html https://www.macrumors.com/2022/12/13/microsoft-authenticator-watchos-app-discontinued/
Killexams : I oversaw hiring at Microsoft. Here's the one interview question that makes or breaks job candidates — and what I looked for in an answer.
  • Chris Williams is the former VP of HR at Microsoft and a podcaster, consultant, and TikTok creator.
  • He always asks job candidates to tell him something they've learned recently.
  • Quality candidates will have a ready answer that shows their passion; if they get stuck, it's a red flag.

If I could pick just one question to ask a candidate in an interview, it would be short and simple. A great answer would kick off a discussion between us and tell me almost everything I need to know about them.

As a former VP of HR at Microsoft, I've not only interviewed countless candidates, but I've worked with and led interviewer training for hiring managers at all levels. 

There are a few important things I'm looking for when hiring. I want to see a smart, passionate learner who can communicate. Someone who can dive right into whatever challenge comes their way. A person who will promptly learn what they need to and help others by sharing what they've learned.

There's one question I like to ask shortly after the pleasantries, near the top of the interview. It sets the tone and often leads to a great conversation. That question is:

Tell me something you've learned in the last couple of days.

Doesn't have to be about work, could be anything, just something you've learned very recently.

A great candidate will have a ready answer

Maybe they've learned how to format pivot tables in Excel. Perhaps it's how to make a better battle bot. Could be the history of a poet they love. Or how to teach their child to ride a bike. Maybe it's how to cook leeks. 

I've seen people talk about games they love and sports they've just picked up. One positively lit up about racing cars. Their passion for the details mixed with the adrenaline of the sport was fun to listen to. And their fascination for the connection between the electronic and mechanical technology told me they would be great in the project I was hiring for.

The thing they learned isn't crucial. What you want to see is what they learned and how they learned it. A passionate learner will have studied the subject to understand all they could.

They searched and read about the poet. They watched videos about teaching bike riding. They looked up the history and best practices for cooking leeks. 

You'll hear it in their voice, you'll see it in their eyes. With just a little prompting, "Tell me more about battle bots," you'll see them light up. Their passion will shine through. Soon, you won't be able to shut them up about it.

There's no need to rush them. The unusual question might take them aback.  You can tell them to take their time. Maybe help them along: "Something at home, perhaps?"

You also don't have to be a stickler to the timeframe. If they struggle, open it up to the last week or two. The key is to see that they are a continuous learner, not that they learned something last year.

I pay particular attention to how they explain it

A great communicator will know how to frame their passion for the topic. They will make it easy to share what they've learned. Their enthusiasm will show through.

Keep drilling down: "Does the formatting of the spreadsheet stay even when you share it?" A smart learner will have asked that question themselves and have the answer.

A candidate who doesn't have an answer is a red flag 

If you get a candidate who looks at you blankly, and says essentially "I've got nothing," you have an issue. It doesn't happen often; most people have something they've learned, something they can share.

Yet, if they can't think of anything even with some time, help, and prompting, that says a great deal. Is there nothing they're interested in or passionate about? Nothing they are curious enough to learn? That speaks volumes.

They might have skills you need right now. But when the next new thing comes along, will they be able to keep up?

Some candidates take a moment to warm up, and that's OK. Others clearly have passion for the subject but can't explain it well. That's a good sign, they are a learner. But they need to work on sharing it with others. Perhaps you can help coach them there.

But the very best will shine through. 

When you use this question to start a good discussion, it's a win all around. Maybe you'll have found a common interest, and you'll have helped them feel comfortable, even excited, to be there.

The rest of the conversation — or perhaps other interviewers — can focus on details and on their ability to perform the job at hand. But if you supply me just one question to ask, this one can tell you a great deal about the person. 

Best of all, you too will have learned a great deal — about them.

Chris Williams is a leadership advisor, podcaster, TikTok creator, author, and former VP of HR at Microsoft.

Fri, 02 Dec 2022 06:59:00 -0600 en-US text/html https://www.businessinsider.com/best-interview-question-how-to-answer-microsoft-vp-of-hr-2022-12
Killexams : Microsoft's AI can read a document and answer questions about it like a human

Even though Microsoft's digital assistant, Cortana, was mysteriously missing from CES, the Redmond giant has been reiterating that 2018 is the "year of AI". It recently announced partnerships with Fujitsu and Nordcloud to boost the spread of artificial intelligence, and also stated that the firm and Adaptive Biotechnologies will both use AI to decode the immune system.

Now, Microsoft has announced that it has developed an AI that read and answer questions about a document with human-level accuracy.

Image via The Indian Express

In a blog post, the company explained that its Microsoft Research Asia wing has developed an AI which has achieved human parity in the Stanford Question Answering Dataset (SQuAD), a dataset which consists of questions regarding Wikipedia articles. According to the firm, humans have a score of 82.304 on the ExactMatch test based on the metric. However, Microsoft's AI was able to slightly surpass that with a score of 82.650.

It is important to note that Alibaba also submitted a score of 82.440 two days after Microsoft, and both the firms are currently tied for first place on the SQuAD leaderboard.

However, Microsoft says that it is not resting on these laurels and will continue to Boost AI's natural language processing capabilities to the extent that it can easily answer follow-up questions. The company went on to say that:

For example, Microsoft is working on ways that a computer can answer not just an original question but also a follow-up. For example, let’s say you asked a system, “What year was the prime minister of Germany born?” You might want it to also understand you were still talking about the same thing when you asked the follow-up question, “What city was she born in?”

It’s also looking at ways that computers can generate natural answers when that requires information from several sentences. For example, if the computer is asked, “Is John Smith a U.S. citizen?,” that information may be based on a paragraph such as, “John Smith was born in Hawaii. That state is in the U.S.”

Microsoft's achievements in the field of natural language processing and AI will lead to relevant information being easily extracted from a dataset. Scenarios include lawyers searching for a rare legal precedent, doctors locating medical findings from hefty journals, and drivers finding the answer to a particular question in a complicated car instruction manual.

While the company says that there are still challenges to overcome in natural language processing, it is already integrating earlier versions of the AI model to its Bing search engine.

Sun, 30 Oct 2022 03:00:00 -0500 Usama Jawad en text/html https://www.neowin.net/news/microsofts-ai-can-read-a-document-and-answer-questions-about-it-like-a-human/
Killexams : Microsoft’s rumored ‘Super App’ is already here, and it’s not that super

Update: 9 PM ET 12/6

The Information confirms that it had considered Microsoft Start as this app, but it is not the story's focus, and indeed, Microsoft's "super app" idea is reportedly something else. One significant difference I note at the end of this article is that Microsoft Start lacks messaging or a social network, which could be a differentiator for whatever Microsoft has coming next. 

Tue, 06 Dec 2022 07:41:00 -0600 en text/html https://www.windowscentral.com/microsoft/microsofts-super-app-is-already-here-and-its-not-that-super
Killexams : Harvard Health Publishing and 3 other experts answer: Ginger © Provided by ShutterStock Images

Is intermittent fasting good or frequent portions of healthy food good?

Answered by Dr. Howard E. LeWine
M.D. Chief Medical Editor, Harvard Health Publishing · 40 years of experience · USA

There is no definitive answer as to whether intermittent fasting versus smaller more frequent meals is better or healthier. The more important dietary decision is what is included in the diet. People who are interested in losing weight might choose either eating pattern based on which is more likely to successfully lead to reduced total daily caloric intake.

See more questions and expert answers related to ginger.

Can the consumption of ginger lower the levels of harmful cholesterol in the body?

Answered by Dr. Howard E. LeWine
M.D. Chief Medical Editor, Harvard Health Publishing · 40 years of experience · USA

A small study suggests that ginger may help reduce triglyceride and LDL cholesterol levels. Other research shows that ginger can help to boost the immune system and combat inflammation. However, ginger may slow blood clotting, and can be potentially dangerous for people taking antiplatelet or anticoagulant drugs (blood thinners). Also ginger can cause extra bleeding during and after surgery.

See more questions and expert answers related to ginger.

Can ginger help to burn belly fat?

Answered by Dr. Howard E. LeWine
M.D. Chief Medical Editor, Harvard Health Publishing · 40 years of experience · USA

Ginger consumption may help with weight and waist size reduction. But without also reducing calories, the benefits of extra ginger alone will be small. A cautionary note: Ginger may slow blood clotting, and can be potentially dangerous for people taking antiplatelet or anticoagulant drugs (blood thinners). Also ginger can cause extra bleeding during and after surgery.

See more questions and expert answers related to ginger.

Mon, 12 Dec 2022 16:11:00 -0600 en-IN text/html https://www.msn.com/en-in/health/health-news/avoid-becoming-a-lazy-potato-with-these-on-the-go-workout-tips/ar-AA15cWWo
Killexams : Where Microsoft’s open source policy went wrong

In 2001, then-Microsoft CEO Steve Ballmer called Linux “a cancer that attaches itself in an intellectual property sense to everything it touches.” This comment was only one part of Microsoft’s anti open source campaign that began with Bill Gates’ 1976 letter, Open Letter to Hobbyists, which took aim at piracy in the hobbyist community.

Over the past decade, Microsoft has changed its tune on the open source community. It has sponsored open source conferences, hired open source developers, and emerged as one of the top contributors to the Linux kernel. Most recently, Microsoft announced, then postponed, a new Microsoft Store policy designed to prevent outside developers from monetizing previously free and open source software. While the policy would have helped curtail fraud, it also would have inadvertently prevented IP owners from profiting off their own work.

After receiving backlash from the open source community, Microsoft delayed enforcement of the policy to clarify its intentions. But whatever the new policy looks like, it must strike the right balance between upholding the freedoms that open source software is built on, while also protecting against piracy and fraud.

Good intentions

Microsoft’s heart is in the right place when it comes to repairing ties with the open source community. Fraud is common on app stores: Of the top 1,000 apps on Apple’s App Store, nearly 2% are scams that have finessed an estimated $48 million from customers. Microsoft’s policy would mitigate a specific type of fraud but would unfortunately also restrict how developers can monetize their open source software.

Setting restrictions on monetization is a delicate matter. Open source software thrives because of its versatility: Users can run, redistribute, and inspect applications without worry. Restrictions on that freedom set a dangerous precedent. Instead, Microsoft’s new policy should promote novel ways for developers to profit from their open source software.

Here are four monetization methods Microsoft could support that would allow open source developers to profit from their creations.

Copyright © 2022 IDG Communications, Inc.

Tue, 29 Nov 2022 21:16:00 -0600 en text/html https://www.infoworld.com/article/3680048/where-microsofts-open-source-policy-went-wrong.html
Killexams : Why The Market Hasn't Bottomed Yet And Why Microsoft Will Outperform Google
Bear figurine on descending line graph and list of share prices

Adam Gault

It's been a tough year for the stock market, but it's likely going to get tougher. In this article, we'll point to historical data to explain why the market is likely to continue falling. Using macroeconomic factors, we will estimate the potential drop in the S&P 500 (SPY), Microsoft (NASDAQ:MSFT), and Alphabet (NASDAQ:GOOG)(NASDAQ:GOOGL). In addition, we will highlight why Alphabet likely has more downside despite having a lower valuation multiple than Microsoft.

Federal Reserve Rate Hikes Will Lead to a Recession

Previously, we argued that a recession is unlikely to happen unless we get a yield curve inversion between the 10-Year and 3-Month Treasury yields. This is because the 3-month yield inversion has never been wrong, at least not yet. Indeed, below is a picture of the inversion's track record:

Yield Curve

Wikipedia Yield Curve

A likely explanation for this is that the 3-month yield closely follows the Federal Funds Rate, which is the interest rate that banks charge each other to borrow or lend excess reserves overnight. For the 3-month yield to climb higher than the 10-year yield, it means the Federal Reserve has raised the Federal Funds rate above the 10-year yield.

Since the 10-year yield is often used as a proxy for long-term growth expectations, an even higher Federal Funds rate means that the cost of borrowing is higher than the expected growth rate. In our view, this would suggest that the Federal Reserve has tightened too much, thus, eventually leading to a recession.

As a result of the central bank's rate hikes year-to-date, the yield first inverted on October 25th, and has since fallen deeper into negative territory.

10 year vs 3 month treasury yield

Koyfin

Therefore, the countdown has already started, and it would be wise for investors to begin looking at what the potential impact on earnings will be.

How Will Earnings Be Impacted During a Recession?

According to history, we can expect (on average) to see earnings decline by 29.5% from peak to trough.

Average Earnings Decline During Recession

D.A. Davidson Companies

At writing, the market is expecting S&P 500 earnings per share to increase in 2023 to $232.23, meaning that investors aren't actually pricing in an earnings recession yet.

S&P 500 earnings estimates

FactSet

If we assume that the $221.12 EPS estimate for 2022 will be the peak in earnings, then a 29.5% drop from there will equate to an EPS of $155.89. If we assign the average 10-year trailing P/E ratio of 20.4x, the price of the S&P 500 will fall to approximately $3,180. The reason why we chose 2022 as the peak is that analysts are expecting a year-over-year decline for Q4. Thus, it's likely that earnings will continue to be negatively impacted in early 2023 as well as the Fed's restrictive policy begins to take effect.

A more optimistic scenario could be derived from looking at the declines from the 1970s and 1980s. Given that we are facing an inflation problem, it makes sense to look to another time period where inflation was the main culprit behind economic volatility. The average earnings decline during those 4 recessions was 12.85%. In this scenario, EPS will fall to $192.71. When applying the same 20.4x valuation multiple, the price of the S&P 500 comes out to approximately $3,931.

However, will valuation multiples contract? And how can we estimate a reasonable valuation multiple based on the current market conditions? To answer these questions, we will look at the current P/E ratio, the 3-Month Treasury yield (the risk-free rate), and the Fed Funds futures.

According to FactSet, the current P/E ratio is 19.2x on a trailing basis or an earnings yield of roughly 5.21%. With the 3-Month yield at 4.25%, this implies that investors require an approximate 1% in earnings yield over the risk-free rate.

In addition, the Fed Funds rate is currently 3.83%, meaning that investors require an approximate 0.4% premium over the fed funds rate. A look at the futures market shows that investors are expecting the Fed Funds rate to be 4.7% by December 2023 (calculated as 100 - 95.3 = 4.7).

CME FedWatch Tool

CME FedWatch Tool

When adding the approximate total required premium that S&P 500 investors require, we arrive at an earnings yield of 6.1% or a P/E ratio of 16.4x. When applying this multiple to the scenarios above, we get a high of $3,160 and a low of $2,556.

Here's Why Microsoft Will Outperform Alphabet in a Recession

For investors who are considering Microsoft and Alphabet, it's worth noting that Microsoft is more likely to outperform at this time. From a macroeconomic perspective, both stocks will fall with the overall market if we see an earnings recession. However, Microsoft will fall less because it has a lower downside beta.

Unlike the traditional beta measure, which combines both upside and downside volatility, downside beta focuses exclusively on how a stock moves when the overall market falls. For our calculations, we chose a 2-year lookback period because it captures both a strong bull market and the current bear market.

When using daily price moves from the past 2 years, we calculated downside betas for Alphabet and Microsoft of 1.24 and 1.22, respectively. These numbers make sense since both stocks have fallen more than the S&P 500 year-to-date while Alphabet has dropped more than Microsoft.

However, moving beyond the statistical argument for Microsoft's relative outperformance, there are fundamental reasons as well. To begin with, Alphabet's main source of revenue comes from advertisements. Although it does have other revenue streams such as Google Cloud, that segment isn't profitable yet. Indeed, Alphabet posted an operating loss of $699 million on $6,868 million of revenue in its cloud business during its most exact quarter.

Alphabet's Q3 2022 Earnings Release

Alphabet's Q3 2022 Earnings Release

Since advertising is negatively impacted during recessions as companies try to cut costs, Alphabet's earnings will also be affected. Alternatively, Microsoft has more diversified revenue streams. In fact, Microsoft's biggest contributor to both revenue and earnings is its Intelligent Cloud segment, which also happens to be its fastest-growing segment. That, along with its Productivity and Business Processes segment, is more critical to businesses during a recession than advertisements.

Businesses still need Microsoft's office products and its Azure platform to simply function. In addition, its Intelligent Cloud segment is very profitable compared to that of Alphabet.

Q1 2023 Earnings Release Microsoft

Microsoft's Q1 2023 Earnings Release

As a result, it seems likely that Microsoft will see less of an impact on earnings than Alphabet will.

Takeaway: Recession Is Likely, but Microsoft Appears Better Equipped for It

Both stocks are likely to produce great shareholder returns in the long run, and for investors who don't care about downside volatility, dollar-cost averaging is probably a better idea. Nonetheless, investors who fall into this category should be aware that Microsoft has more upside potential than Alphabet. Alternatively, investors who would rather remain patient have good reason to do so, as historical data indicates that the bear market isn't over yet.

Mon, 21 Nov 2022 13:02:00 -0600 en text/html https://seekingalpha.com/article/4559690-why-the-market-hasnt-bottomed-yet-and-why-microsoft-will-outperform-alphabet
Killexams : Harvard Health Publishing: Common questions on alzheimer's disease answered No result found, try new keyword!See more questions and expert answers related to alzheimer's disease. → Curious about alzheimer's disease? See the casues, symptoms, treatment options and more. Alzheimer's disease is the most common ... Fri, 09 Dec 2022 07:28:38 -0600 text/html https://www.msn.com/en-us/health/nutrition/harvard-health-publishing-common-questions-on-alzheimer-s-disease-answered/ar-AA155yWt Killexams : A compliance fight in Germany could hurt Microsoft customers No result found, try new keyword!A compliance fight between Microsoft and German regulatory authorities has gotten white hot, though it looks as though any penalties might bypass the company and take aim at its customers. Tue, 06 Dec 2022 18:32:00 -0600 en text/html https://www.computerworld.com/ Killexams : Mozilla, Microsoft drop TrustCor as root certificate authority © Provided by The Register

'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure' says biz

Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.…

The CA, TrustCor, denies this, but has not responded to direct questions at time of publication.

After a lengthy discussion between staff at Mozilla and Apple, security researchers and the CA itself, Mozilla program manager Kathleen Wilson said the org's concerns were "substantiated" enough to set a distrust date of November 30 for TrustCor's root certificates. 

The back and forth took place on Mozilla's dev-security-policy (MDSP) mailing list, and you can read the full discussion there. Microsoft didn't participate in the conversation; instead, TrustCor executive Rachel McPherson claimed that Microsoft had set a distrust date of November 1 for her company's certs. 

"Microsoft gave us no advance notice of this decision," McPherson said. 

"We have never been accused of, and there is no evidence to suggest that TrustCor violated conduct, policy, or procedure, or wrongfully issued trusted certificates, or worked with others to do so. We have not done any of those things."

Apple said in its comments that it concurred with the views of other commenters, and that the findings "lend themselves to reasonable doubt about [TrustCor's] ability to operate as a publicly trusted CA." 

As of writing, TrustCor's certificates still show up in Apple's list of trusted root certificates, and it's unclear if the iMaker plans to take action of its own.

The entire TrustCor affair goes back to early this year, when University of Calgary professor and AppCensus co-founder Joel Reardon discovered data-harvesting malware in a collection of Android apps that had been downloaded more than 46 million times. 

The infected apps included a speed camera radar, Muslim prayer apps, QR scanner, weather app and more. 

According to Reardon, Panama-based Measurement Systems was the company that developed the code. In the Wall Street Journal's report on Reardon's findings, it claimed it had found ties between Measurement Systems and a Virginia defense contractor doing cyber intelligence, network defense, and intelligence intercept work for the US government. 

The apps were pulled, though some have since returned to Google Play with the offending code removed.

Reardon kicked off another discussion in mozilla.dev.security.policy on November 8, in which he and UC Berkeley's Serge Egelman reported on their digging into Measurement Systems.

Per the pair, Measurement Systems' website was registered by Vostrom Holdings, which does business as Packet Forensics, a company Reardon said sells lawful intercept products to government agencies. 

Measurement Systems and TrustCor are both registered in Panama, were registered only a month apart, and have the same set of corporate officers, Reardon said. 

The pair also investigated an encrypted email service run by TrustCor called Msgsafe, which they said sends email in plaintext over TLS. Reardon said he's "not convinced there is E2E encryption or that Msgsafe cannot read users' emails."

Reardon emphasized that he had "no evidence that Trustcor has done anything wrong" or "has been anything other than a diligent competent certificate authority."

However, he added: "Were Trustcor simply an email service that misrepresented their claims of E2E encryption and had some connections to lawful intercept defense contractors, I would not raise a concern in this venue. But because it is a root certificate authority on billions of devices – including mine – I feel it is reasonable to have an explanation," Reardon said on the public discussion board. 

TrustCor's McPherson attempted to answer questions posed by Mozilla and others in the thread, but despite its insistence that Reardon's info was out of date, and that Trustcor and Packet Forensics had no ongoing business relationship, the authorities weren't convinced. 

Comments in the discussion thread appeared to be less concerned about the alleged links, and more concerned with the fact that TrustCor couldn't provide satisfactory answers.

"The original concerns, except the potential links to a spyware operation, didn't feel like grounds for distrust to me. However, the way this CA approached the claims leaves me with no trust in their operations," said cryptographer Filippo Valsorda.

Others echoed similar sentiments, saying that McPherson's answers weren't sufficient for a company with as much online power as a Certificate Authority. 

"Our assessment is that the concerns about TrustCor have been substantiated and the risks of TrustCor's continued membership in Mozilla's Root Program outweighs the benefits to end users," Mozilla's Wilson said. 

We've contacted TrustCor to learn what it plans to do, but haven't yet heard back. ®

Thu, 01 Dec 2022 19:36:02 -0600 en-US text/html https://www.msn.com/en-us/news/technology/mozilla-microsoft-drop-trustcor-as-root-certificate-authority/ar-AA14Oz1d
MS-700 exam dump and training guide direct download
Training Exams List