The IT Infrastructure Threat Modeling Guide is now available.
Organizations today face an increasing number of threats to their computing environments. You need a proactive approach to assist you in your efforts to protect your organization's assets and sensitive information. This guide provides an easy-to-understand method that enables you to develop threat models for your IT environment and prioritize your investments in IT infrastructure security.
This Solution Accelerator includes a Microsoft Word document that helps IT professionals develop and implement threat models for their IT environments, and a Microsoft PowerPoint® presentation that is designed for use in a learning or lecture environment to present the concept of IT infrastructure threat modeling. These materials are designed to help IT professionals accomplish the following:
· Provide use case scenarios for each component to be threat modeled.
· Identify threats that could affect their organizations’ IT infrastructures.
· Discover and mitigate design and implementation issues that could put IT infrastructures at risk.
· Prioritize budget and planning efforts to address the most significant threats.
· Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.
Next Steps
Download the IT Infrastructure Threat Modeling Guide.
Protect yourself from the identified threats using other Security and Compliance Solution Accelerators such as the Security Compliance Management Toolkit and the Hyper-V Security Guide
If your organization is affected by the Federal Desktop Core Configuration (FDCC) mandate, and the Security Content Automation Protocol (SCAP), then this new Beta program will be of interest to you. The FDCC mandate from the Office of Management and Budget (OMB) requires federal agencies and organizations to configure their computers running Windows Vista® and Windows® XP according to a specific list of settings published by the National Institute of Standards and Technology (NIST). The FDCC mandate also requires these agencies and organizations to document their compliance by scanning the computers they manage using SCAP content published by NIST, and to provide the compliance results in SCAP format.
The System Center Configuration Manager Extensions for SCAP enable you to use Microsoft® System Center Configuration Manager 2007 to scan computers running these operating systems that you manage for compliance with the FDCC mandate. The System Center Configuration Manager Extensions for SCAP include command-line tools to convert SCAP content into the format used by the Desired Configuration Management (DCM) feature in Configuration Manager 2007, and to convert DCM reports into SCAP format.
· You can participate in the Beta by visiting the Beta Program site on Microsoft Connect (Windows Live™ ID login and registration required). After you sign up, bookmark this link to the project site for access to download the Beta tools and guidance, and receive the latest information about the project.
Note: This solution has not been formally validated by NIST. Although Microsoft will submit it at a future date, at this time NIST has not yet recognized it as a SCAP validated tool with FDCC scanning capability.
The new Hyper-V Security Guide has been released. It provides methods and best practices to strengthen the security of computers running the Hyper-V role on Windows Server® 2008. The guide covers the following three topics:
Hardening Hyper-V
We provide you with prescriptive guidance for hardening the Hyper-V role and discuss several best practices for installing and configuring Hyper-V on a Windows Server 2008 server with a focus on security. Our best practices include measures for reducing the attack surface of a server running Hyper-V and recommendations for properly configuring secure network and storage devices.
Delegating Virtual Machine Management
For this topic we discuss several available methods for delegating virtual machine management so that virtual machine administrators only have the minimum permissions they require. We describe common delegation scenarios, and include detailed steps to guide you through using Authorization Manager (AzMan) and System Center Virtual Machine Manager 2008 (VMM 2008) to separate virtual machine administrators from virtualization host administrators.
Protecting Virtual Machines
Here we provide you with prescriptive guidance for securing virtual machine resources. We discuss best practices and include detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing. We also include resources for hardening and updating the operating system instances running within your virtual machines.
Next steps
To read more about the guide, click here.
To download the guide, click here.
Additional resources
Read about our other security Solution Accelerators.
Listen to a Podcast on virtualization security best practices.
Launch the Download Now
We have just released the Security Compliance Management Toolkit series to help you secure and monitor Windows® operating systems and 2007 Microsoft® Office.
This series marks the next generation of Microsoft security guides by automating the security baselines for them. This release includes updated security guides, predefined Group Policy, the GPOAccelerator tool, and Configuration Packs to help you plan, deploy, and monitor your Windows and 2007 Office security baselines.
In a nut shell the Security Compliance Management Toolkit series provides you with expanded best practices and automation tools to configure and deploy security settings for the following operating systems and applications:
· Windows Server® 2008
· Windows Server® 2003 Service Pack 2 (SP2)
· Windows Vista® SP1
· Windows® XP Professional SP3
· 2007 Microsoft Office SP1
After deploying the security settings in your environment, monitor the settings by applying one or more of 26 Configuration Packs with the desired configuration management (DCM) feature of Microsoft® System Center Configuration Manager 2007 SP1.
Download Toolkit
· Get all the details about the toolkit series by visiting www.microsoft.com/securitycompliance.
· Download the Security Compliance Management Toolkit series.
Additional Resources
· Preview the toolkit series and learn more about it through virtual labs and how-to videos by visiting www.microsoft.com/ssa
The benefits of virtualization are more evident than ever. Microsoft Hyper-V™ technology allows consolidation of workloads that are currently spread across multiple underutilized servers onto a smaller number of servers. This capability provides you with a way to reduce costs through lower hardware, energy, and management overhead while creating a more dynamic IT infrastructure.
The Hyper-V Security Guide can help you elevate the security of virtualized Windows Server® environments to meet your business-critical needs. This Solution Accelerator provides IT professionals like you with guidance, instructions, and recommendations to address your key security concerns around server virtualization in the following areas:
· Hardening Hyper-V. The guide provides prescriptive guidance for hardening the Hyper-V server role, including several best practices for installing and configuring Hyper-V with a focus on security. These best practices include measures for reducing the attack surface of Hyper-V as well as recommendations for properly configuring secure virtual networks and storage devices on a Hyper-V host server.
· Delegating virtual machine management. The ability to safely and securely delegate administrative access to virtual machine resources within organizations is essential. The guide highlights several available methods to administer different aspects of a virtual machine infrastructure and ways to control administrative access to different servers and at different levels.
· Protecting virtual machines. The guide also provides prescriptive guidance for securing virtual machine resources, including best practices and detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing.
The Beta release is available now for your review through March 4th, 2009. By participating in this Beta Program, you can provide timely feedback about the guidance to our team to help us ensure that it meets your needs when it is released.
Next steps:
· Download the Beta by visiting the Security Solution Accelerators Connect Site (Windows Live™ ID login and registration required) and joining Project Codename Teton.
· Once you have registered, that link won't work; please bookmark this link to the project site to get the latest project information.
We would like to ask you to take a few minutes of your day and fill out a quick survey. Tell us how we're doing, and what we can do better.
We want to hear what you think about Solution Accelerators—if you’ve used a Solution Accelerator within your organization, help us by completing this short survey.
Our sister team, would like to invite you to a set of live meetings focused on IT compliance such as PCI. If you or your manager struggles with the complexities of compliance take the time to listen in on a Live meeting.
-----
‘Reduce the cost and effort of configuring and validating Microsoft products to address customer IT GRC requirements.’ - Project Tribeca Team
Does your IT team struggle to cope with the ever-changing demands of domestic and international governance, risk, and compliance (GRC) requirements? Microsoft is working to provide product configuration guidance to help IT professionals achieve compliance with hundreds of GRC authority documents, including SOX, PCI, HIPAA, GLBA, and EUDPD.
Join the Microsoft Project Tribeca team in weekly discussions to help shape content, GRC authority document alignment, and technology configuration guidance that directly affects your organization.
Meeting Dates
Attend any single or multiple Connect meetings
- 1/28/09 8 AM PT - What GRC Authority Documents impact your organization?
- 2/04/09 8 AM PT - How does your IT department manage change/configuration for GRC requirements.
Please join us by signing up for the IT governance and Compliance program in Microsoft Connect. Click here to join the program.
After you have joined the program, bookmark the following link to return to the program site and get the latest information about upcoming events:
https://connect.microsoft.com/site/sitehome.aspx?SiteID=657
This Solution Accelerator essentially builds on our previous releases to provide you with expanded best practices and additional automation tools to help you configure and deploy security settings for the following operating systems and applications:
· Windows Vista® Service Pack 1 (SP1),
· Windows XP® Professional SP3,
· Windows Server® 2008,
· Windows Server® 2003 SP2,
· 2007 Microsoft Office SP1.
After deploying the security settings, you can now verify the accuracy of the setting policies and monitor policy changes by applying one or more of 18 Configuration Packs using the desired configuration management (DCM) feature of Microsoft System Center Configuration Manager 2007.
Next steps:
· Download the Beta by visiting the Program Connect Web site (Live ID logging and registration required)
After joining the Beta review program, bookmark this link to the program site to get the latest information about upcoming events.
· The Beta runs through 6th January 2009 and hence be sure to download the beta right now!
By participating in this Beta review program, you can provide timely feedback about the guidance to our team to help us ensure that it meets your needs when released!
I wanted to take an opertunity to introduce the latest Solution Acclerator. If your intrested in Compliance you should take a look at this guidance.
Download it NOW!
Shift efforts of Governance Risk and Compliance to technology, using the IT Compliance Management guide!
You already own Microsoft the products that can help you manage compliance issues. Use the IT Microsoft Compliance Management guide to better understand how to configure controls, save money, and realize compliance regulations, do it all within a framework to ensure compliance.
Frank
Solution Accelerators Security site has a new face, you should check it out. The Solution Accelerators Techcenter for Security was published recently to help better navigate the security Solutions Accelerators. The library contains a vast array of Accelerators addressing issues in response management with The Malware Removal Starter Kit, or hardening guides such as the Windows Server 2008 Security Guide. What's really cool is that the site is organized in a simple to navigate manner addressing the MOF v4 phases.
The Solution Accelerators - Security and Compliance team has released a beta version of its first set of guides in the Compliance Management Series. This effort expands on the work done in the Regulatory Compliance Planning Guide published in 2006.
Here is a bit of detail on the new Solution Accelerator:
Managing compliance issues imposed by regulations and statutory requirements can be difficult to reconcile with regulations and standards such as PCI DSS, ISO 27002, AICPA GAPP, and COBIT. An additional challenge is the lack of a single source of compliance configuration guidance for Microsoft products.
The Compliance Management Series (a MOF–based expansion of the Regulatory Compliance Planning Guide) provides Standards of Care and simple checklists to help you configure Microsoft products to address Governance, Risk, and Compliance (GRC) requirements.
Standards of Care simplify complex categories such as Asset Management, Compliance Management, and Risk Management, and clarify how to configure Microsoft products quickly and effectively for these categories.
The Series uses Microsoft Operations Framework (MOF) 4.0 to provide you with a structured approach to the planning and delivery of configuration changes in your organization.
https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2404&InvitationID=cmbt-8XBG-PD28&SiteID=657
After you join the program, bookmark the following link to return to the program site and get the latest information about upcoming events:
https://connect.microsoft.com/site/sitehome.aspx?SiteID=657
More social networking solutions are available today than ever. As a user of two of the technologies, Linkedin and Facebook, I think both provide great capabilities and both are limited. For example, Linkedin provides capabilities for maintaining a professional profile, while Facebook provides great extensions that allow you to extend your network quickly. Also, you can use Facebook messaging features such as the Wall to communicate quickly.
I was hoping to get an idea of the success of these solutions—not site stats, but a user’s personal experiences—while using these sites as a means to keep in touch with other security professionals. In my opinion, Linkedin has provided an admirable service for maintaining some privacy and manage a somewhat professional look and feel for the technical community. I'm not entirely sure about the role of Facebook in my work life.
As a reader of this blog, I'd like to get your input. What works best to help you maintain a professional social network presence in the community? As much of a pain as it is to sign in using a Microsoft Live account, I challenge you to do so and provide me with your feedback!
Frank
The DCM feature supports a powerful way for data discovery by using scripting. By invoking AccessChk.exe from DCM scripts, the output of user rights assignment data from AccessChk.exe can be collected by the DCM scripting data discovery provider. The following procedure enables you to use Microsoft Visual Basic Scripting Edition (VBScript) in combination with the DCM feature to collect data about user rights assignments. To use this procedure, you must have access to a computer running Configuration Manager 2007.
To add a setting using the DCM feature that uses VBScript to collect user rights assignment data
1. In the left pane of the Configuration Manager Console, expand the Desired Configuration Management folder, right-click the folder to access the submenu, and then choose Configuration Item.
2. In the Create Operating System Configuration Item Wizard, choose to create a new operating system configuration item (CI), and then on the Identification tab, name it. For example, you could name it “User Rights Assignment by AccessChk.”
3. Type a description for the CI (optional), and then click Next.
4. On the Microsoft Windows Version page, select or type the corresponding Windows operating system version information, click Next to access the Objects page, and then on this page click Next to access the Settings page.
5. On the Settings page, select the Settings node, click New, and then in the drop-down menu, select Script to invoke the New Script Setting Properties dialog.
6. On the General tab of the New Script Setting Properties dialog, provide a setting Display Name. For example, Remove computer from docking station.
7. Provide Description (optional).
8. For Script Language, select VBScript (or your preferred language if you integrate AccessChk in another language).
9. Copy the VBScript from the next section of this article to the Script text box.
10. Change the second line in the script to the correct input parameters. For example, define the rule for “SeUndockPrivilege,” to “Allowed” in this case. (See the table in the previous section for all available input parameters.)
11. On the Validation tab of New Script Setting Properties dialog, ensure that Data Type is set to String.
12. Click New under the Details list box to create a new validation rule.
13. In the Name and Description fields, provide information for your new validation rule.
14. Ensure that Operator is set to Equals.
15. Defined the Value (account list) that you want to allow or deny for the user rights assignment.
16. Select Severity, and then determine the severity level of the new validation rule.
17. Click OK of New Script Setting Properties dialog to save the new setting
18. Click Finish button in Settings tab to Summary page.
19. Click Next after review the summary
20. Click Finish in Confirmation page.
Sample DCM Feature VBScript for User Rights Assignments
Here is a VBScript that you can use with the DCM feature to obtain user rights assignments:
option explicit
WScript.Echo ValidateSetting("SeNetworkLogonRight", "Allowed", "Administrators,Authenticated Users")
'WScript.Echo ValidateSetting("SeDenyBatchLogonRight", "Denied", "Authenticated Users")
Function ValidateSetting(userRightProperty, SeType, baselineValue)
on error resume next
' Get expected values and actual valuse we are testing against
Dim ExpectedValues, ActualValues
ExpectedValues = baselineValue
' Poll LSA data through accesschk
ActualValues = PollAccessChkForSettings (userRightProperty)
If ActualValues = "" Then
' below line assumes DCM rule value (OperandA) is "NO ONE" if no one is allowed for the user right privilege
ActualValues = "NO ONE"
End If
' do our validation
If SeType = "Allowed" Then
ValidateSetting = ValidateAllowedResults(ExpectedValues, ActualValues)
Else
ValidateSetting = ValidateDeniedResults(ExpectedValues, ActualValues)
End If
' do error checking, make sure our function return something.
If ValidateSetting = "" Then
ValidateSetting = "ValidateSetting return Nothing or Empty"
If Err.Number <> 0 Then
ValidateSetting = ValidateSetting & ", Error: " & Err.Number
ValidateSetting = ValidateSetting & ", Error (Hex): " & Hex(Err.Number)
ValidateSetting = ValidateSetting & ", Source: " & Err.Source
ValidateSetting = ValidateSetting & ", Description: " & Err.Description
Err.Clear
End If
End If
End Function
' Validate allowed results
Function ValidateAllowedResults(ExpectedValues, ActualValues)
on error resume next
' We are always in compliant if no one has the privilege
If UCase(Trim(ActualValues)) = "NO ONE" Then
ValidateAllowedResults = ExpectedValues
Exit Function
End If
' Everify that the actual list of users is a sub-set of the expected list of users.
Dim ActualValueList, ExpectedValueList, ActualValue, ExpectedValue, Result
ActualValueList = Split(UCase(ActualValues), ",")
ExpectedValueList = Split(UCase(ExpectedValues), ",")
' Verify all the actual users are in the list of expected users
For Each ActualValue in ActualValueList
' Find if actual value is in list of expected values
Result = false
For Each ExpectedValue in ExpectedValueList
If Trim(ActualValue) = Trim(ExpectedValue) Then
Result = true
Exit For
End If
Next
If Result = false Then
ValidateAllowedResults = ActualValues
Exit Function
End If
Next
' Passsed all tests
ValidateAllowedResults = ExpectedValues
End Function
' Validate denied results
Function ValidateDeniedResults(ExpectedValues, ActualValues)
on error resume next
' We are always in compliant if expected no one has been denied the privilege
If UCase(Trim(ExpectedValues)) = "NO ONE" Then
ValidateDeniedResults = ExpectedValues
Exit Function
End If
' We are always not in compliant if no one has been denied the privilege but expected someones.
If UCase(Trim(ActualValues)) = "NO ONE" Then
ValidateDeniedResults = ActualValues
Exit Function
End If
' Everify that the expected list of users is a sub-set of the actual list of users.
Dim ActualValueList, ExpectedValueList, ActualValue, ExpectedValue, Result
ActualValueList = Split(UCase(ActualValues), ",")
ExpectedValueList = Split(UCase(ExpectedValues), ",")
' Verify all the expected users are in the list of actual users
For Each ExpectedValue in ExpectedValueList
' Find if expected value is in list of actual values
Result = false
For Each ActualValue in ActualValueList
If Trim(ActualValue) = Trim(ExpectedValue) Then
Result = true
Exit For
End If
Next
If Result = false Then
ValidateDeniedResults = ActualValues
Exit Function
End If
Next
' Passsed all tests
ValidateDeniedResults = ExpectedValues
End Function
' Set ActualValues to a comma deliminated list of values defined by what settings we are polling.
Function PollAccessChkForSettings(userRightProperty)
on error resume next
Dim Result, timeout, accountArray, objWshell, oExec
Set objWshell = WScript.CreateObject("WScript.Shell")
Set oExec = objWshell.Exec("accesschk.exe -a " & userRightProperty)
If oExec is Nothing Then
PollAccessChkForSettings = "ERROR: objWshell.Exec return null, please check if accesschk.exe exists."
Exit Function
End if
' Wait for program to finish
timeout = 200
Do While oExec.Status = 0 And timeout > 0
WScript.Sleep 10
timeout = timeout - 1
Loop
If oExec.Status = 0 Then
PollAccessChkForSettings = "ERROR: Timed Out"
Exit Function
Else
Result = oExec.StdOut.ReadAll
If Result = "" Then
PollAccessChkForSettings = "ERROR: Get Data Failed"
Exit Function
Else
' not found any valid data
If InStr(Result, "No more data is available") > 0 Then
PollAccessChkForSettings = ""
Exit Function
End If
' concat the account to a string with comma delimiter
Dim i, value
accountArray = Split(Result, vbCrlf)
For i = 0 To UBound(accountArray) - 1
If PollAccessChkForSettings <> "" Then
PollAccessChkForSettings = PollAccessChkForSettings + ","
End If
value = Replace(accountArray(i), Chr(9), "")
value = Trim(value)
Dim j
j = InStrRev(value, "\")
If j = 0 Then
PollAccessChkForSettings = PollAccessChkForSettings + UCase(value)
Else
PollAccessChkForSettings = PollAccessChkForSettings + UCase(Right(value, Len(value) - j))
End if
Next
'WScript.Echo PollAccessChkForSettings
End If
End If
End Function
If you are intrested in the complete script listing for DCM you can download it from HERE
To improve accuracy/integrity of Security Compliance Management collecting user rights assignment data from the right location is critical for security compliance reports. Newly updated AccessChk.exe can be integrated into Desired Configuration Management feature of Microsoft Configuration Manager 2007 to achieve the purpose.
In this article we invite Michael Tan, one of our senior program mangers, to introduce a new feature in the recently updated Sysinternals tool called AccessChk. His two part article looks at how the new AccessChk feature works and the benefits of using this Sysinternals tool. The second part takes a look at the using the tool with Configuration Manager’s DCM feature, and how the Security Compliance Management toolkit benefits from the efforts.
Microsoft released the Security Compliance Management toolkit on June 5, 2008, on TechNet and as a free download on the Microsoft Download Center. The toolkit enables organizations to monitor the security compliance state of their IT environments for computers running Windows operating systems by using the Desired Configuration Management (DCM) feature in Microsoft System Center Configuration Manager 2007 as mentioned in recent posts. Now let's look at a known issue for the toolkit using Resultant Set of Policy (RSOP) Windows Management Instrumentation (WMI) providers for data discovery. Solving this shortcoming of the toolkit can be accomplished by using the newly updated AccessChk.exe, with some custom DCM scripts to obtain the latest user rights assignment data from the Windows Local Security Authority (LSA) store. To make this simple, we include a working sample that customers can use to collect this data directly from the LSA store.
Background
The Security Compliance Management toolkit provides more than 300 security settings, including user rights assignment settings, such as Access this computer from the network, backup files and directories, and so on. The Release Notes in the toolkit include a list of settings. The data collected in the WMI repository from these settings may not synchronize with the data in the LSA store. This is because the data discovery process for the toolkit uses RSOP WMI providers to collect the setting data, and the data is queried from the WMI repository (CIMOM database) that represents existing policies or planned policies. For this reason, the data for these settings may not be consistent with user rights assignment data in the LSA store that is consumed directly by Windows components.
If customers want to obtain the actual security state of the user rights assignments on a target host machine, they must query the LSA store directly instead of using RSOP.
Only native application programming interfaces (APIs) or Win32 APIs are provided for LSA data queries, and these are not supported by the DCM feature in Configuration Manager 2007. To obtain this data, you can use the newly updated Sysinteranls tool, AccessChk.exe (version 4.2), with the DCM feature's scripting capability to get user rights assignment data directly from the LSA store.
AccessChk.exe
AccessChk.exe provides you with access to the files, registry keys or Windows services for the user or group that you specify. AccessChk.exe now supports a new option -a to query user rights assignment data directly from the LSA store.
First download AccessChk.exe 4.2 from SysInternals.
On a command prompt type AccessChk.exe /?
-a Name is a Windows account right. Specify '*' as the name to show all rights assigned to a user
Here is a partial list of all the user rights assignment that you can access directly from the LSA store:
|
User Right name in –a option list |
Type |
Setting name |
Description |
|
SeBatchLogonRight |
Allowed |
Logon as a batch job |
Required for an account to log on using the batch logon type. |
|
SeDenyBatchLogonRight |
Denied |
Deny logon as a batch job |
Explicitly denies an account the right to log on using the batch logon type. |
|
SeDenyInteractiveLogonRight |
Denied |
Deny Logon locally |
Explicitly denies an account the right to log on using the interactive logon type. |
|
SeDenyNetworkLogonRight |
Denied |
Deny access to this computer from the network |
Explicitly denies an account the right to log on using the network logon type. |
|
SeDenyRemoteInteractiveLogonRight |
Denied |
Deny Logon through Terminal Services |
Explicitly denies an account the right to log on remotely using the interactive logon type. |
|
SeDenyServiceLogonRight |
Denied |
Deny logon as a service |
Explicitly denies an account the right to log on using the service logon type. |
|
SeInteractiveLogonRight |
Allowed |
Allow Logon locally |
Required for an account to log on using the interactive logon type. |
|
SeNetworkLogonRight |
Allowed |
Access this computer from the network |
Required for an account to log on using the network logon type. |
|
SeRemoteInteractiveLogonRight |
Allowed |
Allow Logon through Terminal Services |
Required for an account to log on remotely using the interactive logon type. |
|
SeServiceLogonRight |
Allowed |
Logon as a service |
Required for an account to log on using the service logon type. |
|
SeAssignPrimaryTokenPrivilege |
Allowed |
Replace a process level token |
Required to assign the primary token of a process. |
Stay tuned to the second part of this article.
Dear reviewers,
Thank you for participating in this blog for the Security Guides. The customer feedback we received helped us build a high-quality Solution Accelerator that meets the needs of IT Professionals like you.
You have worked with our team on multiple reviews, and now have the chance to influence some of the changes we are planning to introduce to the content of the security guides.
Solution Accelerator team is planning to re-engineer the content model used for our security guides. Specifically, we will be changing what content deliverables we produce going forward. We will look at the format, the data presented (in some cases) and how we can reuse common content, packaging considerations and tools to help automate the “get” and “set” of the security settings. We also want to ensure this content model looks to the future, so that we can address new technologies and applications.
Some of the goals for this project are:
· Deliver a consistent and useable delivery presentation for our customers and partners
· Remove the redundant content we produce in our security guides
· Document a extensible content model that can be implemented in a tool
· Provide an automated build and packaging process for all of our security guides
· Create a repeatable security guidance development process
I would like to present a quick 6 question survey to our enterprise customers and partners to help shape the redesign of our security guides and validate the approach. We would really appreciate your feedback. A short, 3-minute survey appears below.
https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2409&InvitationID=SDBL-8F9C-6T4K&SiteID=14
Thanks again for your participation.
