Email Archives - Page 8 of 21 - Appunti dalla rete

The best productivity apps in 2023

The premise of this article’s headline is nonsense, sure, but it isn’t clickbait—I promise.

You’re almost certainly here because you searched for “best productivity apps.” I understand that impulse. You want to get more done in less time, which is about as universal a feeling as humans can have at work. The problem: productivity is deeply personal, and the words “productivity tools” mean a lot of different things to different people. What works for you may or may not work for me, which is why—after over a decade of writing about productivity software—I don’t really believe there are objectively “best” productivity apps.

5 things you should automate today

Start automating

I do, however, think there are categories of tools that can help you become a better version of yourself. Some of them work better for more people than others, and not everyone needs an app from every category. Knowing what kinds of apps exist, and what you should look for in an app, is more important than knowing what the “best” app in that category is.

Having said that, you’re here for software recommendations, not my personal reflections on the nature of productivity. So I’m going to go over the main kinds of productivity apps I think most humans who use electronic devices at work should know about. I’ll explain why I think each category is important, point to an app or two that I think will work well for most people, then offer links to other options if you want to learn more.

Just remember: the specific app doesn’t matter. The best productivity app is the one that works best for you. The most important thing is having a system. Sound good? Let’s jump in.

How we evaluate and test apps

All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.

A to-do list like Todoist

We all have things we need to do—at work and in the rest of our lives. The worst place you could store those things, in my opinion, is in your mind. It’s just stressful: you’ll remember, at random moments, that there’s something you were supposed to be doing, and that memory will result in panic. Writing down everything you need to do allows you to make a plan, and (crucially) means you don’t have to panic.

Not everyone benefits from a dedicated to-do list app—some of the most productive people I know prefer sticky notes, email inboxes, or even spreadsheets. I think that’s great, so long as you have some place to record the things you need to do.

Todoist, our pick for the best to-do list app for balancing power and simplicity

I think that Todoist, shown above, is a great to-do list app for most people. It’s easy to use but also offers a lot of features. It can also be installed on basically any device you can imagine, meaning your to-do list is always available. It allows you to assign due dates to tasks, sort tasks by project, or even view a project using a Kanban board. You don’t have to worry about those features if you don’t want to, though, which is why I think it’s a great starting point for someone who needs a to-do list.

If Todoist doesn’t work for you, though, check out our list of the best to-do list apps—it’s got a wide variety of recommendations. I, personally, use TickTick because I like how easy it is to add tasks, and I also can’t stop saying good things about Things for sheer simplicity on Apple devices. Find a tool you like—and that you remember to actually open. There’s nothing less useful than an app full of tasks you never look at.

Once you’ve picked your to-do list app, make the most of it with automation, so you can easily add tasks that come in by email, team chat apps, project management tools, or notes. Read more about automating your to-do list.

A calendar like Google Calendar

There are only so many hours in the day, unfortunately, which means you have to budget them. A calendar is how you do that. You could use a paper wall calendar, sure, but a calendar app lets you invite other people to an event. Also, in a world where so many meetings are virtual, calendar apps give you a useful place to store the link to your Zoom call.

Google Calendar, our pick for the best free calendar app

I think that Google Calendar, shown above, is the right calendar app for most people—particularly people who already use Gmail. Google Calendar is easy to load on any device, lets you see your calendar in several different views, and makes it easy to invite anyone else to any event or meeting you happen to plan. I could write multiple articles on Google Calendar features (and I have). This app does everything any other app can do, and more, all while being pretty easy to use.

If Google Calendar doesn’t work for you, though, check out our list of the best calendar apps for more options. Microsoft Outlook is a solid alternative, as is the Calendar app that comes with all Apple devices.

I’d also consider looking into some kind of meeting scheduling app. These apps let anyone sign up for appointments with you, which is particularly useful if you have a meeting-heavy calendar. Calendly, shown below, is a solid option, with a lot of customizability and the ability to sync with Google Calendar. You can check out our list of the best meeting schedulers for a more complete rundown of Calendly and other options.

Calendly, our pick for the best meeting scheduler app for simplified scheduling

Once you choose a calendar app, take it to the next level. With automation, you can do things like automatically turn calendar events into tasks on your to-do list or use forms to create calendar events. Here’s how you can bring context to your calendar by connecting other apps.

A note-taking app like OneNote

I’m constantly taking notes: before and during meetings; while researching an article; while brewing beer. And I think most people have some class of information they’ll need to reference later that doesn’t quite meet the threshold of a “document.” Who wants a sprawling series of folders with all of that information?

This, to me, is what note-taking apps are for: quickly writing things down so you can read them later and (hopefully) follow up. They also work well as a personal journal, or a place to store files related to a particular project.

OneNote, above, is probably the note-taking app most people should try first. It’s free—so long as you don’t run out of OneDrive storage—and it gives you all kinds of ways to organize notes, from notebooks to sections to sub-headers. It also has powerful search, which includes the scanned contents of any images or PDFs you might drop in a note.

But OneNote isn’t the only option. You should check out our list of the best note-taking apps for more choices. If you loved Evernote back in the day, you should check out Joplin, which is a completely free and open source replacement for that app. And I personally love Obsidian, which turns your notes into an entire database, complete with internal links and an extensive plugin collection. There are a lot of good choices out there—find something that lets you write things down and dig them up later.

See our favorite ways to use automation to improve how you put your notes to work, track action items from meetings, and put an end to regular copy-paste actions.

A distraction blocker like Freedom

I’ve never tried to work in the middle of an amusement park, but I imagine it would be distracting. The internet is worse. Everything you could possibly imagine is available, all delivered by brilliant engineers who are doing everything they can to keep you looking at more and more and more of it. It’s understandable if you have trouble getting stuff done in that context, which is why apps that block distractions are so helpful.

Freedom, our pick for the best focus app for blocking distractions on all your devices at once

Freedom is a great tool for the job. It runs on every platform and can block distractions—both websites and apps—on all of your devices. That means you can’t, for example, block Twitter on your computer only to pick up your phone and look at it there. With Freedom, you can set up multiple block lists, then start timers for any of them.

I personally love Serene, which combines distraction blocking with a sort of to-do list. You say what you want to do and how long it will take, then you start a distraction-free session to work on it. There’s also Cold Turkey Blocker, which can optionally prevent you from changing the time settings on your computer as a way of working around the block you set up. You’ve got more choices, though, particularly if you’re a Mac user. Check out our list of the best distraction blockers to learn more.

Remember: the internet is distracting on purpose. There’s no shame in using a tool to build discipline.

A habit tracker like Streaks or HabitNow

My dentist tells me I should brush my teeth twice a day, and I believe him, but I tended to only brush at night. I used a habit tracker to change that.

These applications might sound similar to a to-do list, but they’re very different. You can’t add individual tasks to a habit tracker—only recurring ones. The idea is to set an intention to do something regularly, then keep track of how often you regularly do it. Eventually, you have a streak going, which psychologically motivates you to keep it up until the habit becomes second nature. Don’t laugh—it works.

Streaks, our pick for the best habit tracker for iPhone

We recommend checking out Streaks, shown above, for iPhone and HabitNow, below, for Android. These apps both live on your phone, which is the place you’re most likely to look. They both let you create a list of habits you’d like to build, then remind you about that intention. They also both show you your progress in various ways.

HabitNow, our pick for the best habit tracker for Android users

They’re not the only options, however; check out our list of the best habit tracker apps for more ideas. Also keep in mind that some to-do lists have habit-tracking capabilities built right in. I, personally, use TickTick‘s built-in habit tracker—I love it. And some people use a paper calendar for tracking a simple habit—just add an X every day you stick to your habit.

An app to save things for later like Pocket

I’d love to read articles or watch YouTube videos all day. We all would. Sometimes, though, you have to do something else—even though your friend just sent you a really, really interesting article. That’s where read-it-later apps come in. They let you quickly save something you intend to read, so that you can come back to it when you have time.

Pocket, our pick for the best read it later app for turning articles into a podcast

I think that Pocket, above, is the app of choice in this class. It’s free to use, offers extensions for every major browser, and also has great mobile versions that sync your articles for offline reading. There’s even built-in support for highlighting, then reviewing your highlights later.

Instapaper is a close second, and it even lets you send articles to your Kindle. These aren’t your only choices, though—check out our list of the best read-it-later apps for some more options. It’s also worth noting that some people use bookmarking apps or even note-taking apps for the same purpose, and that’s great—they both make it easy to save things for future reference.

Automate the process of saving articles by connecting your read-it-later app to Zapier. Here are some ideas to get you started.

A screen recording tool like Loom

Whether it’s for a quick presentation or troubleshooting a problem, sometimes recording what’s on your screen and sharing it just makes life easier. Screen recording tools are perfect for this, allowing you to quickly record your screen, your voice, and even your face if you have a webcam.

A screenshot of Loom, our pick for the best screen recording software for quickly recording and sharing on desktop

Loom is a great first tool to check out in this category. It’s easy to set up, works on all major platforms, and makes it really simple to share recordings. You can even add your face, via a webcam, to the recording.

I personally use Zappy, which was originally an internal tool used by Zapier. It’s honestly the best screenshot tool I’ve ever used, and it’s free—if you use a Mac, it’s worth a try. Check out our list of the best screen recording tools for more options, and keep in mind you can actually record your screen without any software, if you don’t mind managing the file yourself.

Want to share your screen in real-time? You need a screen sharing tool (Zoom works pretty well, surprisingly).

Other productivity tools worth checking out

This article could go on forever. There’s no end to great software out there, and I love writing about it. I think the above categories should save you all kinds of time—and take up plenty of your time to set up—but here are a few other suggestions if you’re feeling particularly motivated.

Password managers, like LastPass or 1Password, help you generate random passwords for all of your different services without the need for memorization. This is great for security, but it also makes logging in to stuff faster. Here’s a list of the best password managers.
Mobile scanning apps, like Microsoft Lens, let you scan documents using your phone while also digitizing any text using optical character recognition (OCR). Check out our list of the best mobile scanning OCR apps for more choices.
Text expansion tools, like PhraseExpress, mean you’ll never need to look up and copy-paste the same message to multiple people ever again. Read more about text expansion software, or learn how it can make you better at dating.
Dictation software, like Dragon by Nuance, lets you type by talking, which can save you all sorts of time. Here’s our list of the best dictation software.
Time tracking apps, like Toggl Track, are great for keeping track of how long projects take and making sure you’re not spending too much time on the wrong things. Take a look at our list of the best time tracking apps to find the right one for you.
Mind mapping software, like Coggle, helps you map the connections between different ideas while you’re brainstorming. Here are our picks for the best mind mapping software.
AI software, like OpenAI, could make all kinds of tasks easier in the future. It’s early, granted, but I already find it useful when I’m in the brainstorming phase of a project—I can ask the bot to generate ideas.

Once you have apps set up in some of these categories, you can take the whole productivity thing even further. Automation software like ours at Zapier connects all the other apps you use, with workflows you can build yourself—no code required. Like the tools above, Zapier won’t solve every problem you have, but it’s a great way to connect tools that otherwise don’t integrate well—which means you can use the best tools for you, as opposed to the tools that happen to play nice together. And it’s not limited to productivity—eventually, you’ll find yourself automating even your most business-critical workflows.

Plus, if you sign up for Zapier, we’ll be able to write more useful articles like this one. Here are five things you should automate today to get started.

This post was originally published in September 2018 by Matthew Guay. The most recent update was in December 2022.

Source :
https://zapier.com/blog/best-productivity-apps/

The 8 best to do list apps in 2023

There are too many to-do list apps. Trying them all would be a massive task, and I know because I did.

Why are there so many apps for something easily done on sticky notes? Because managing tasks is an intensely personal thing. People will reject anything that doesn’t feel right. That’s a good instinct, but it makes it hard to find the right app.

Make the most of your to-do list with Zapier

Automate your tasks

To that end, we’ve been hard at work researching the best to-do apps, trying to find the right ones for various use cases. Research for these pieces was exhaustive. We started by finding the best apps for every platform: Android, Windows, macOS, and iPhone/iPad. We then tried the top-rated apps in every respective app store, and spent way too much time migrating our personal to-do lists from one app to another.

And now I’m offering you what I feel is the cream of the crop. Whatever you’re looking for, one of these apps is going to be right for you. Click on any app to learn more about why I chose it, or keep reading for more context on to-do list apps.

The best to-do list apps

Todoist for balancing power and simplicity
TickTick for embedded calendars and timers
Microsoft To Do for Microsoft power users (and Wunderlist refugees)
Things for elegant design
OmniFocus for specific organizational systems
Habitica for making doing things fun
Google Tasks for Google power users
Any.do for people who forget to use to-do apps
Other options, including project management software, note-taking apps, and other tools that can do the job

What makes the best to-do list app?

How we evaluate and test apps

I’ve written about technology in general, and productivity specifically, since 2009. In that time, I’ve personally tried basically every to-do list app that has come out, and I’m usually depending on at least one of them to function.

Of course, when it comes to managing a to-do list online, everyone has different criteria. I kept this in mind as I tested, and I noticed a few features that made certain apps stand out.

The best to-do list apps:

Make it fast to add and organize tasks. Ideally, a task is added and categorized in a couple taps or keystrokes.
Offer multiple ways to organize your tasks. Tags, lists, projects, and due dates are all helpful, and the best to-do apps offer at least a few categories like this.
Remind you about self-imposed deadlines. Notifications, widgets, emails—if you’re using an online to-do list, it should help you track what needs to happen when.
Offer clean user interfaces. The best to-do app fits into your workflow so you can get back to what you’re supposed to be doing.
Sync between every platform you use. Which platforms will depend on what you personally use, but I didn’t consider anything that doesn’t sync between desktop and mobile.

I tried to find the task list apps that balance these things in various ways. None of these options will be right for everyone, but hopefully one of them is right for you. Let’s dive in.

Make 2023 your most efficient year yet

Start the year off right with our five-email course that helps you streamline work across your whole business.

Best to-do list app for balancing power and simplicity

Todoist (Web, Windows, macOS, Android, iPhone, iPad)

Todoist isn’t the most powerful to-do list website out there. It’s also not the simplest. That’s kind of the point: this app balances power with simplicity, and it does so while running on basically every platform that exists. That’s a strong selling point—which is probably why Todoist is one of the most popular to-do lists right now.

Adding tasks was quick on every platform in my tests, thanks in part to natural language processing (type “buy milk Monday” and the task “buy milk” will be added with the next Monday set as your due date). You can put new tasks in your Inbox and then move them to relevant projects; you can also set due dates. Paid users can create custom filters and labels, and there are also some basic collaboration features.

Todoist is flexible enough to adapt to most workflows but not so complicated as to overwhelm. And it adds new features regularly: you can view projects as a Kanban board, for example, and navigating the app by keyboard is much smoother after recent updates. Overall, this is a great first to-do list app to try out, especially if you don’t know where to start.

Todoist also integrates with Zapier, which means you can automatically create tasks in Todoist whenever something happens in one of your favorite apps. Here are some examples.

Add new Google Calendar events to Todoist as tasks

Try it

Google Calendar, Todoist

Google Calendar + TodoistMore details

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Try it

Gmail, Todoist

Gmail + TodoistMore details

Add new Trello cards to Todoist as tasks

Try it

Trello, Todoist

Trello + TodoistMore details

Todoist price: Free version available; paid version from $4/month.

Check out more ideas for automating Todoist with Zapier.

Best to-do list app with embedded calendars and timers

TickTick (Web, Android, Windows, macOS, iPhone and iPad)

TickTick is a fast-growing task list app that offers a wide array of features on just about every platform you can imagine. Adding tasks is quick thanks to natural language processing. There’s also a universal keyboard shortcut offered on the desktop versions and pinned notifications and widgets on mobile, which makes it quick to add a task before getting back to what you’re doing. Tasks can be organized using lists, tags, and due dates, and there’s also the ability to add subtasks to any task.

TickTick offers all of this with apps that feel native—the macOS version is distinct from the Windows version, for example, in ways that make sense given the differences between those two systems. TickTick also offers a few features that are above and beyond what other apps offer.

First, there’s a built-in Pomodoro timer, allowing you to start a 25-minute work session for any of your tasks (complete with numerous white noise options, if you want). Second, there’s integration with various third-party calendars, allowing you to see your tasks and your appointments in one place, and even do some time blocking. There’s also a built-in habit-tracking tool, allowing you to review how many days you did or didn’t stick to your exercise and diet commitments. And an Eisenhower Matrix view allows you to prioritize your tasks based on what’s urgent and what’s important. It’s a great collection of features, unlike anything else on the market.

With TickTick’s Zapier integration, you can connect TickTick to the other tools in your tech stack to automatically create tasks whenever you get new leads, deals, or emails.

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Try it

Gmail, TickTick

Gmail + TickTickMore details

Generate TickTick tasks from new Facebook Leads

Try it

Facebook Lead Ads, TickTick

Facebook Lead Ads + TickTickMore details

Generate TickTick tasks from new HubSpot deals

Try it

HubSpot, TickTick

HubSpot + TickTickMore details

TickTick price: Free version available; paid version from $2.40/month.

Check out other ways you can automate TickTick with Zapier.

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Microsoft To Do (Web, Android, Windows, iPhone and iPad)

In 2015, Microsoft bought Wunderlist and put that team to work on a new to-do list app. Microsoft To Do is the result of that, and you can find Wunderlist’s DNA throughout the project. The main interface is clean and friendly, adding tasks is quick, but there’s a lot of flexibility below the surface.

But the real standout feature here is the deep integration with Microsoft’s ecosystem. Any email flagged in Outlook, for example, shows up as a task. Outlook users can also sync their tasks from that app over to Microsoft To Do, meaning there’s finally a way to sync Outlook tasks to mobile. Windows users can add tasks using Cortana or by typing in the Start menu. For example, you can type “add rice to my shopping list,” and rice will be added to a list called “shopping.” If you’re a Windows user and an Outlook user, this is the app for you.

This is also the prettiest to-do list app on the market, in my opinion. You can set custom background images for every one of your lists, allowing you to tell at a glance which list you’re looking at. You’re going to be looking at your task list all day—it might as well look good.

Microsoft To Do integrates with Zapier, which means you can make sure Microsoft To Do is talking to all the other apps you use, not just the Microsoft ones. Here are some examples to get started.

Create Workboard action items from new tasks in Microsoft To-Do

Try it

Microsoft To Do, Workboard

Microsoft To Do + WorkboardMore details

Send direct Slack messages with new Microsoft To-Do lists

Try it

Microsoft To Do, Slack

Microsoft To Do + SlackMore details

Create Microsoft To-Do tasks from new Salesforce leads

Try it

Salesforce, Microsoft To Do

Salesforce + Microsoft To DoMore details

Microsoft To Do price: Free

Learn how you can make Microsoft To Do a productivity powerhouse with Zapier.

The best to-do list app with elegant design

Things (macOS, iPhone, iPad)

To-do list apps tend to fall into two categories: the complex and the minimalist. Things is somehow both.

That’s about the highest praise I can give a to-do list app. This is an app with no shortage of features, and yet it always feels simple to use. Adding tasks is quick and so is organizing them, but there’s seemingly no end of variation in ways to organize them. Areas can contain tasks or projects; projects can contain tasks or headers that can also contain tasks; and tasks can contain subtasks if you want. It sounds confusing, but it isn’t, which really speaks to how well Things is designed.

Other apps offer these features, but Things does it in a way that never feels cluttered, meaning you can quickly be done with looking at your to-do list and get back to whatever it is you’re doing. Combine this blend of functionality and beauty with features like a system-wide tool for quickly adding tasks, integration with your calendar so you can see your appointments while planning your day, intuitive keyboard shortcuts, reminders with native notifications, and syncing to an iPhone and iPad app.

The only downside here is the complete lack of versions for Windows and Android, though this decision is probably part of what allows the team to focus on making such a clean product. If you’re an Apple user, you owe it to yourself to try out Things.

You can automatically add to-dos to Things from your other apps with Things’ integrations on Zapier. Here’s some inspiration.

Add saved Slack messages to Things as to-dos

Try it

Slack, Things

Slack + ThingsMore details

Add new Trello cards to Things as to-dos

Try it

Trello, Things

Trello + ThingsMore details

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Try it

Gmail, Things

Gmail + ThingsMore details

Things price: $49.99 for macOS (15-day free trial), $19.99 for iPad, $9.99 for iPhone.

Best to-do list app for users with a very specific organizational system

OmniFocus (Web, macOS, iPhone, iPad)

OmniFocus is nothing if not flexible. This Apple-exclusive application is built around the Getting Things Done (GTD) philosophy trademarked by David Allen, but an array of features means it can be used for just about any organizational system you can imagine. There are three different kinds of projects you can set up, for example, depending on whether you need to do tasks in a specific order or not. There are six main views by default, allowing you to organize your tasks by things like due date, projects, and tags. You can even add more views, assuming you have the Pro version.

You get the idea. OmniFocus is a power user’s dream, with more features than anyone can hope to incorporate into a workflow, which is kind of the point: if there’s a feature you want, OmniFocus has it, so you can organize your tasks basically any way you can imagine.

Syncing is offered only between Apple devices. There’s a web version that’s intended for occasional usage away from your Apple machines, but non-Apple users should probably look elsewhere.

You can connect OmniFocus to your other favorite apps with OmniFocus’s Zapier integration. Whenever something happens in another app that you want to keep track of in OmniFocus, Zapier will automatically send it there.

Create OmniFocus tasks from new saved Slack messages

Try it

Slack, OmniFocus

Slack + OmniFocusMore details

Create OmniFocus tasks for new starred emails on Gmail

Try it

Gmail, OmniFocus

Gmail + OmniFocusMore details

Create OmniFocus tasks from new or moved Trello cards

Try it

Trello, OmniFocus

Trello + OmniFocusMore details

OmniFocus price: From $99.99/year for the recurring plan, which includes all apps and the web version. Also available as a one-time purchase from $49.99 (14-day free trial).

Best to-do list app for making doing things fun

Habitica (Web, Android, iPhone and iPad)

Games are fantastic at motivating mundane activity—how else can you explain all that time you’ve spent on mindless fetch quests? Habitica, formerly known as HabitRPG, tries to use principles from game design to motivate you to get things done, and it’s remarkably effective. You can add tasks, daily activities, and habits to a list. You also have a character, who levels up when you get things done and takes damage when you put things off. You can also earn in-game currency for buying offline rewards, such as a snack, or in-game items like weapons or even silly hats.

This is even better when you join a few friends and start a party. You can all fight bosses together, but be careful: fail to finish some tasks on time and your friends will take damage. If that doesn’t motivate you, nothing will.

What’s the downside? Habitica isn’t a great to-do list for managing long-term projects, so you might need something else for that. But if motivation is your problem, Habitica is well worth a spin.

Habitica price: Free version available; paid version from $5/month.

Best to-do list app for Google power users

Google Tasks (Web, Android, iPhone and iPad)

If you live in Gmail and Google Calendar, Google Tasks is an obvious free to-do list app to try out. That’s because it lives right in the sidebar of those two apps, and offers more than a few integrations. Plus, there’s a dedicated mobile app.

The app itself is spartan. Adding tasks is quick, particularly if you spend a lot of time in Gmail anyway, but there’s not a lot of organizational offerings. There are due dates, lists, descriptions, subtasks, and the ability to “Star” tasks. There’s not much beyond that, which is ok. On the desktop, the integration with Gmail is a key selling point. You can drag an email to Google Tasks to turn it into a task, for example. You also can see your tasks on your Google Calendar, if you want.

The best to-do app is one that’s always handy. If you’re the kind of person who always has Gmail open on your computer, it’s hard for any app to be handier than Google Tasks. The mobile versions make those tasks accessible on the go.

You can automatically move information between Google Tasks and your other apps with Google Tasks’ integration on Zapier. Here are a few examples of workflows you can automate, so you can stop manually moving your tasks.

Create Trello cards from new Google Tasks tasks

Try it

Google Tasks, Trello

Google Tasks + TrelloMore details

Add new Google Tasks to Todoist as tasks

Try it

Google Tasks, Todoist

Google Tasks + TodoistMore details

Add Google Tasks tasks for new Google Calendar events

Try it

Google Calendar, Google Tasks

Google Calendar + Google TasksMore details

Google Tasks price: Free

Take a look at how you can power up all of your Google apps using automation.

Best to-do list app for people who forget to use to-do apps

Any.do (Web, Android, iPhone and iPad)

Any.do offers a really slick mobile app that makes it quick to add tasks, organize them into lists, and add due dates. But where it really shines is with its daily “Plan my Day” feature, which forces you to schedule when you’ll accomplish your various tasks, so that you remember to actually do things. Any.do also integrates nicely with Google and Outlook calendars, allowing you to see your appointments and your tasks in one place. This is exactly what you need if you’re the kind of person who adds things to a list and forgets about them.

The desktop version isn’t quite as slick as the mobile version—it feels cluttered and is more than a little confusing. Still, Any.do’s mobile version alone makes a compelling reason to give it a shot, especially if that’s where you do most of your task management.

Any.do integrates with Zapier, so you can automatically add tasks to Any.do whenever there’s a new calendar event, note, or task in your other apps.

Add Evernote reminders to Any.do as tasks

Try it

Evernote, Any.do

Evernote + Any.doMore details

Create tasks in Any.do for new saved messages in Slack

Try it

Slack, Any.do

Slack + Any.doMore details

Add new incomplete Todoist tasks to Any.do

Try it

Todoist, Any.do

Todoist + Any.doMore details

Any.do price: Free version available; paid version from $2.99/month.

Other to-do list options

We focused on dedicated to-do list apps in this roundup, but plenty of other software can fulfill the same function. Here are a few ideas if none of the above quite fit what you’re looking for:

Project management apps like Trello and Asana can be used as to-do lists, especially if you already use them to manage your other work.
Note-taking apps like Evernote, OneNote, and Google Keep also have to-do list features, if you want to combine your to-do lists and notes.
You can use Notion as a to-do list if that’s where you spend most of your time, and the various Notion alternatives work just as well.
Time-blocking apps are another solid option. These combine a task list with your calendar, encouraging you to decide when you’ll do what.
Google Sheets can be your to-do list. Zapier’s CEO even uses Gmail as his to-do list.
Sticky note apps can also do the trick. So can a piece of paper. Don’t overthink things!

Finding the right task management system is hard because it’s so personal. To that end, let me know if there’s anything you think I missed.

Related reading:

This post was originally published in April 2018 by Andrew Kunesh. The most recent update was in November 2022.

Source :
https://zapier.com/blog/best-todo-list-apps/

Traffic Light Protocol (TLP) Definitions and Usage

CISA currently uses Traffic Light Protocol (TLP) according to the FIRST Standard Definitions and Usage Guidance — TLP Version 2.0. Note: On Nov. 1, 2022, CISA officially adopted TLP 2.0; however, CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.

In addition to the FIRST TLP 2.0 webpage, see CISA’s:

TLP 2.0 User Guide,
TLP: Moving to Version 2.0 Fact Sheet, and
Blog post: On Nov. 1, CISA Upgrades to Traffic Light Protocol 2.0 — Join Us!.

Collapse All Sections

What is TLP?

The Traffic Light Protocol (TLP) was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs five official marking options to indicate expected sharing boundaries to be applied by the recipient(s). TLP only has five marking options; any designations not listed in this standard are not considered valid by FIRST.

TLP provides a simple and intuitive schema for indicating when and how sensitive information can be shared, facilitating more frequent and effective collaboration. TLP is not a “control marking” or classification scheme. TLP was not designed to handle licensing terms, handling and encryption rules, and restrictions on action or instrumentation of information. TLP labels and their definitions are not intended to have any effect on freedom of information or “sunshine” laws in any jurisdiction.

TLP is optimized for ease of adoption, human readability and person-to-person sharing; it may be used in automated sharing exchanges, but is not optimized for that use.

TLP is distinct from the Chatham House Rule (when a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.), but may be used in conjunction if it is deemed appropriate by participants in an information exchange.

The source is responsible for ensuring that recipients of TLP information understand and can follow TLP sharing guidance.

If a recipient needs to share the information more widely than indicated by the original TLP designation, they must obtain explicit permission from the original source.

How do I determine appropriate TLP designation?

Color	When should it be used?	How may it be shared?
TLP:RED Not for disclosure, restricted to participants only.	Sources may use TLP:RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. For the eyes and ears of individual recipients only, no further.	Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
TLP:AMBER+STRICT Limited disclosure, restricted to participants’ organization.	Sources may use TLP:AMBER+STRICT when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organization.	Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
TLP:AMBER Limited disclosure, restricted to participants’ organization and its clients (see Terminology Definitions).	Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Note that TLP:AMBER+STRICT should be used to restrict sharing to the recipient organization only.	Recipients may share TLP:AMBER information with members of their own organization and its clients on a need-to-know basis to protect their organization and its clients and prevent further harm.
TLP:GREEN Limited disclosure, restricted to the community.	Sources may use TLP:GREEN when information is useful to increase awareness within their wider community.	Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. Unless otherwise specified, TLP:GREEN information may not be shared outside of the cybersecurity or cyber defense community.
TLP:CLEAR Disclosure is not limited.	Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.	Recipients may share this information without restriction. Information is subject to standard copyright rules.

TLP 2.0 Terminology Definitions

Community

Under TLP, a community is a group who share common goals, practices, and informal trust relationships. A community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).

Organization

Under TLP, an organization is a group who share a common affiliation by formal membership and are bound by common policies set by the organization. An organization can be as broad as all members of an information sharing organization, but rarely broader.

Clients

Under TLP, clients are those people or entities that receive cybersecurity services from an organization. Clients are by default included in TLP:AMBER so that the recipients may share information further downstream in order for clients to take action to protect themselves. For teams with national responsibility, this definition
includes stakeholders and constituents. Note: CISA considers “clients” to be stakeholders and constituents that have a legal agreement with CISA.

Usage

How to use TLP in email

TLP-designated email correspondence should indicate the TLP color of the information in the Subject line and in the body of the email, prior to the designated information itself. The TLP color must be in capital letters: TLP:RED, TLP:AMBER+STRICT, TLP:AMBER, TLP:GREEN, or TLP:WHITE.

How to use TLP in documents

TLP-designated documents should indicate the TLP color of the information in the header and footer of each page. To avoid confusion with existing control marking schemes, it is advisable to right-justify TLP designations. The TLP color should appear in capital letters and in 12 point type or greater. Note: TLP 2.0 has changed the color coding of TLP:RED to accomodate individuals with low vision.

RGB:
TLP:RED : R=255, G=43, B=43, background: R=0, G=0, B=0
TLP:AMBER : R=255, G=192, B=0, background: R=0, G=0, B=0
TLP:GREEN : R=51, G=255, B=0, background: R=0, G=0, B=0
TLP:WHITE : R=255, G=255, B=255, background: R=0, G=0, B=0

CMYK:
TLP:RED : C=0, M=83, Y=83, K=0, background: C=0, M=0, Y=0, K=100
TLP:AMBER : C=0, M=25, Y=100, K=0, background: C=0, M=0, Y=0, K=100
TLP:GREEN : C=79, M=0, Y=100, K=0, background: C=0, M=0, Y=0, K=100
TLP:WHITE : C=0, M=0, Y=0, K=0, background: C=0, M=0, Y=0, K=100

Source :
https://www.cisa.gov/tlp

Apply sensitivity labels to your files and email in Office

Excel for Microsoft 365 Word for Microsoft 365 Outlook for Microsoft 365 More…

Note: This feature requires a Microsoft 365 subscription and is available for users and organizations whose administrators have set up sensitivity labels. If you’re an administrator looking to get started with sensitivity labels see Get started with sensitivity labels.

You can apply sensitivity labels to your files and emails to keep them compliant with your organization’s information protection policies.

The names of these labels, the descriptions you see when you hover over them, and when to use each label will be customized for you by your organization. If you need additional information about which label to apply, and when, contact your organization’s IT department.

How are sensitivity labels applied?

Sensitivity labels are applied either manually or automatically.

Note: Even if your administrator has not configured automatic labeling, they may have configured your system to require a label on all Office files and emails, and may also have selected a default label as the starting point. If labels are required you won’t be able to save a Word, Excel, or PowerPoint file, or send an email in Outlook, without selecting a sensitivity label.

To apply, change, or remove a label manually follow these steps:

Office 365 Office 365 for Mac Office for Android Office for iOS Web

Outlook

When composing an email, select Sensitivity.

Important: Sensitivity is not available if your Office account isn’t a work account, and if your administrator hasn’t configured any sensitivity labels and enabled the feature for you.
Choose the sensitivity label that applies to your email.

Note: If your organization has configured a website to learn more about their sensitivity labels, you will also see a Learn More option.

To remove a sensitivity label that has already been applied to an email, unselect it from the Sensitivity menu. Naturally if your organization requires labels on all files you won’t be able to remove it.

Word, Excel, PowerPoint

On the Home tab, select Sensitivity.

Important: Sensitivity is not available if your Office account isn’t a work account with a Office 365 Enterprise E3 or Office 365 Enterprise E5 license assigned, or if your administrator hasn’t configured any sensitivity labels and enabled the feature for you .
Choose the sensitivity label that applies to your file.

Note: If your organization has configured a website to learn more about their sensitivity labels, you will also see a Learn More option.

To remove a sensitivity label that has already been applied to a file, unselect it from the Sensitivity menu. Naturally if your organization requires labels on all files you won’t be able to remove it.

Automatically applied (or recommended) labels

If your administrator has set up automatic labeling then files or emails that contain certain kinds of information – such as social security numbers, credit card numbers, or other sensitive information – can have a specified label either recommended for, or applied, automatically.

If a label has been applied automatically you’ll see a notification below the Office ribbon that looks like this.

Screenshot of a Policy Tip for an automatically applied sensitivity label

The notice for when a label has been recommended, but not automatically applied, looks similar.

For more information see Automatically apply or recommend sensitivity labels to your files and emails in Office

How do I know what label is currently applied?

The way to see the currently applied label, if any, varies slightly depending upon whether you’re on desktop or mobile.

On desktop apps (including Office for the web) look at the status bar at the bottom of the window.

The Excel status bar showing a "General" sensitivity label has been applied

On the Office mobile apps, select the menu.

Outlook is a bit different

In Outlook nothing appears if no label has been selected or if you’re composing an email and only the default label is applied.

If a label has been selected, however, you’ll see it on the InfoBar just above the To field.

A sensitivity label displayed in the InfoBar above the To field in an Outlook email message.

What happens when I apply a sensitivity label?

When you apply a sensitivity label, the label information will persist with your file or email, even as it is shared between devices, applications, and cloud services. Applying a sensitivity label may also result in changes to your file or email according to your organization’s configuration, such as:

Encryption with Information Rights Management may be applied to your file or email
A header or footer may appear in your file or email
A watermark may appear in your file

Note: If you don’t have permission to change or remove a sensitivity label, you’ll be prevented from doing so with an error message in most apps. In some apps, like Outlook mobile, the sensitivity labels will simply be disabled.

Not all apps on all platforms support the same behavior, so the exact results of applying a sensitivity label may vary slightly. For more information about what capabilities are supported on each platform see Support for sensitivity label capabilities in apps.

Justify changes to sensitivity label

Your administrator can have a policy that requires you to provide justification before changing a sensitivity label from a higher sensitivity to a lower sensitivity. In this configuration, you may be asked to choose a justification reason or provide your own when selecting a less sensitive label.

Note: You will only be asked to justify changes one time after opening a document or replying to forwarding an email message. After justifying once, subsequent changes will not require justification until that document or email message is closed and opened again.

The dialog box that appears when your organization requires you to provide a justification for changing a sensitivity label.

How to capitalize or change the case of text in any app

Automatically convert the case of your text in Word, Excel, Google Docs, and more.

Capitalization isn’t something you have to think much about. The first letter of a sentence gets capitalized, along with any proper nouns—and you write in all caps when you’re angry (or excited, depending on who you ask).

Automatically convert text case in your workflows

Learn how

As long as you type with the capitalization you want, everything’s fine. But when you go to write a long title and have to hold Shift for every first letter or when you write a few sentences without realizing caps lock was on, capitalization can suddenly get more frustrating. It can take seemingly forever to edit each letter back to the case you want—and it’s so easy to miss the stray cApital letter in a long essay or blog post.

Here’s how to automatically capitalize text properly in Word, Google Docs, and other text editors—and in thousands of other apps using Zapier’s Formatter tool.

How to change case in Word

If you’re working in Microsoft Word, it’s easy to change the capitalization or case of text in your document.

Select your text.
In the Home section of the toolbar, click the Change Caseoption. (It’s right next to your font options: a capital and lowercase Aa with a dropdown arrow.)
Select the case you want.

Your options are: Sentence case., lowercase, UPPERCASE, Capitalize Each Word, or tOGGLE cASE to swap your writing’s current case—perfect for the times you swap capital and lowercase accidentally.

Changing the text case in Microsoft Word

Or you can highlight the text and use Word’s keyboard shortcut—Shift + fn + F3—to change selected text between lowercase, UPPERCASE or Capitalizing Each Word.

How to change case in Excel

It’s a little more complicated in Excel—you’ll need to use a formula to get the job done.

To make text uppercase in Excel, use the formula =UPPER(A1:A99), where A1:A99 is the cell range you want to change.
To make text lowercase in Excel, use the formula =UPPER(A1:A99).
To make text Title Case in Excel, use the formula =PROPER(A1:A99).

In every case, you’ll need to put the formula in another cell, and the new text will show up in that cell or column.

How to capitalize text in Google Docs

Google Docs also includes a capitalization tool, hidden in its menus.

Select your text.
Click Format > Text > Capitalization.
Choose the case you want (lowercase, UPPERCASE, or Title Case).

Changing the capitalization in Google Docs

How to capitalize text on macOS

Change capitalization in TextEdit with the built-in macOS text transformations

Using a Mac? Lots of apps on your Mac already includes macOS’s built-in spelling and grammar checks along with text transformations.

In most Mac apps:

Select the text, and right-click on it to see the text options.
Hover over the Transformations menu.
Select the case you want (the Capitalize option will capitalize the first letter of every word).

The capitalization options in Messages on a Mac

If you don’t see the options in the right-click menu, check the gear icon in the app’s font settings—that’s where Pages and other Apple apps put those same transformations.

How to capitalize text in Sublime Text

One of the most popular code and text editors Sublime Text also includes a capitalization tool.

Select your text.
Click Edit > Convert Case.
Select the case you want.

In addition to the standard options, Sublime Text also includes snake_case (lowercase, with an underscore between each word) and kebab-case (lowercase, with a hyphen between each word).

How to convert case online

Another option is to use a web app to format your text. There are a number of simple web apps that can swap your case for you.

In TitleCase, type or paste in your text, and then choose the case you want to automatically convert your text to.
In Convert Case (pictured above), type or paste in your text, then choose each of the case options you want. It’ll give you your text in all of those cases for a quick way to pick what looks best.

Automatically convert text case with Zapier

These tips work great for changing your capitalization within an app, like if you want to convert caps to lowercase in an article you’re writing. But if you want to change capitalization as you send information from one app to the other, here’s how to automatically convert text case with Zapier.

Related reading:

This article was originally published in September 2017. The most recent update was in December 2022.

Source :
https://zapier.com/blog/capitalize-text/

Cybercrime (and Security) Predictions for 2023

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it’s up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.

Here’s a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.

Increase in digital supply chain attacks #

With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains—this is a three-fold increase from 2021. Previously, these types of attacks weren’t even likely to happen because supply chains weren’t connected to the internet. But now that they are, supply chains need to be secured properly.

The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, but are essential to uncover in order to protect your organization in 2023.

If you’ve introduced new software supply chains to your technology stack, or plan to do so sometime in the next year, then you must integrate updated cybersecurity configurations. Employ people and processes that have experience with digital supply chains to ensure that security measures are implemented correctly.

Mobile-specific cyber threats are on-the-rise#

It should come as no surprise that with the increased use of smartphones in the workplace, mobile devices are becoming a greater target for cyber-attack. In fact, cyber-crimes involving mobile devices have increased by 22% in the last year, according to the Verizon Mobile Security Index (MSI) 2022 with no signs of slowing down in advance of the new year.

As hackers hone in on mobile devices, SMS-based authentication has inevitably become less secure. Even the seemingly most secure companies can be vulnerable to mobile device hacks. Case in point, several major companies, including Uber and Okta were impacted by security breaches involving one-time passcodes in the past year alone.

This calls for the need to move away from relying on SMS-based authentication, and instead to multifactor authentication (MFA) that is more secure. This could include an authenticator app that uses time-sensitive tokens, or more direct authenticators that are hardware or device-based.

Organizations need to take extra precautions to prevent attacks that begin with the frontline by implementing software that helps verify user identity. According to the World Economic Forum’s 2022 Global Risks Report, 95% of cybersecurity incidents are due to human error. This fact alone emphasizes the need for a software procedure that decreases the chance of human error when it comes to verification. Implementing a tool like Specops’ Secure Service Desk helps reduce vulnerabilities from socially engineered attacks that are targeting the help desk, enabling a secure user verification at the service desk without the risk of human error.

Double down on cloud security #

As more companies opt for cloud-based activities, cloud security—any technology, policy, or service that protects information stored in the cloud—should be a top priority in 2023 and beyond. Cyber criminals become more sophisticated and evolve their tactics as technologies evolve, which means cloud security is essential as you rely on it more frequently in your organization.

The most reliable safeguard against cloud-based cybercrime is a zero trust philosophy. The main principle behind zero trust is to automatically verify everything—and essentially not trust anyone without some type of authorization or inspection. This security measure is critical when it comes to protecting data and infrastructure stored in the cloud from threats.

Ransomware-as-a-Service is here to stay #

Ransomware attacks continue to increase at an alarming rate. Data from Verizon discovered a 13% increase in ransomware breaches year-over-year. Ransomware attacks have also become increasingly targeted — sectors such as healthcare and food and agriculture are just the latest industries to be victims, according to the FBI.

With the rise in ransomware threats comes the increased use of Ransomware-as-a-Service (RaaS). This growing phenomenon is when ransomware criminals lease out their infrastructure to other cybercriminals or groups. RaaS kits make it even easier for threat actors to deploy their attacks quickly and affordably, which is a dangerous combination to combat for anyone leading the cybersecurity protocols and procedures. To increase protection against threat actors who use RaaS, enlist the help of your end-users.

End-users are your organization’s frontline against ransomware attacks, but they need the proper training to ensure they’re protected. Make sure your cybersecurity procedures are clearly documented and regularly practiced so users can stay aware and vigilant against security breaches. Employing backup measures like password policy software, MFA whenever possible, and email-security tools in your organization can also mitigate the onus on end-user cybersecurity.

Data privacy laws are getting stricter—get ready #

We can’t talk about cybersecurity in 2023 without mentioning data privacy laws. With new data privacy laws set to go into effect in several states over the next year, now is the time to assess your current procedures and systems to make sure they comply. These new state-specific laws are just the beginning; companies would be wise to review their compliance as more states are likely to develop new privacy laws in the years to come.

Data privacy laws often require changes to how companies store and processing data, and implementing these new changes might open you up to additional risk if they are not implemented carefully. Ensure your organization is in adherence to proper cyber security protocols, including zero trust, as mentioned above.

Source :
https://thehackernews.com/2022/12/cybercrime-and-security-predictions-for.html

Google introduces end-to-end encryption for Gmail on the web

Google announced on Friday that it’s adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.

Client-side encryption (as Google calls E2EE) was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

Once enabled, Gmail client-side encryption will ensure that any sensitive data delivered as part of the email’s body and attachments (including inline images) can not be decrypted by Google servers — the email header (including subject, timestamps, and recipients lists) will not be encrypted.

“With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage,” Google explained on its support website.

“That way, Google servers can’t access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

They can apply for the beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application which should include the email address, Project ID, and test group domain.

The company says the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.

After Google emails back to confirm that the account is ready, admins can set up Gmail CSE for their users by going through the following procedure to set up their environment, prepare S/MIME certificates for each user in the test group, and configure the key service and identity provider.

The feature will be off by default and can be enabled at the domain, organizational unit, and Group levels by going to Admin console > Security > Access and data control > Client-side encryption.

Once enabled, you can toggle on E2EE for any message by clicking the lock icon next to the Recipients field and clicking “Turn on” under the “Additional encryption” option.

https://static.btloader.com/safeFrame.html?upapi=true

https://e550bca7ddabd8d6701a8c4b48f12667.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?upapi=true

Users will then be able to compose their Gmail messages and add email attachments as they would normally do.

“Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google added.

“Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.”

Apple rolls out end-to-end encryption for iCloud backups

Twitter source code indicates end-to-end encrypted DMs are coming

Learn to use Google Docs, Sheets, Gmail and more for just $41

OldGremlin hackers use Linux ransomware to attack Russian orgs

Source :
https://www.bleepingcomputer.com/news/security/google-introduces-end-to-end-encryption-for-gmail-on-the-web/

Everything you might have missed during Cloudflare’s Impact Week 2022

And that’s a wrap! Impact Week 2022 has come to a close. Over the last week, Cloudflare announced new commitments in our mission to help build a better Internet, including delivering Zero Trust services for the most vulnerable voices and for critical infrastructure providers. We also announced new products and services, and shared technical deep dives.

Were you able to keep up with everything that was announced? Watch the Impact Week 2022 wrap-up video on Cloudflare TV, or read our recap below for anything you may have missed.

Product announcements

Blog	Summary
Cloudflare Zero Trust for Project Galileo and the Athenian Project	We are making the Cloudflare One Zero Trust suite available to teams that qualify for Project Galileo or Athenian at no cost. Cloudflare One includes the same Zero Trust security and connectivity solutions used by over 10,000 customers today to connect their users and safeguard their data.
Project Safekeeping – protecting the world’s most vulnerable infrastructure with Zero Trust	Under-resourced organizations that are vital to the basic functioning of our global communities (such as community hospitals, water treatment facilities, and local energy providers) face relentless cyber attacks, threatening basic needs for health, safety and security. Cloudflare’s mission is to help make a better Internet. We will help support these vulnerable infrastructure by providing our enterprise-level Zero Trust cybersecurity solution to them at no cost, with no time limit.
Cloudflare achieves FedRAMP authorization to secure more of the public sector	We are excited to announce our public sector suite of services, Cloudflare for Government, has achieved FedRAMP Moderate Authorization. The Federal Risk and Authorization Management Program (“FedRAMP”) is a US-government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
A new, configurable and scalable version of Geo Key Manager, now available in Closed Beta	At Cloudflare, we want to give our customers tools that allow them to maintain compliance in this ever-changing environment. That’s why we’re excited to announce a new version of Geo Key Manager — one that allows customers to define boundaries by country, by region, or by standard.

Technical deep dives

Blog	Summary
Cloudflare is joining the AS112 project to help the Internet deal with misdirected DNS queries	Cloudflare is participating in the AS112 project, becoming an operator of the loosely coordinated, distributed sink of the reverse lookup (PTR) queries for RFC 1918 addresses, dynamic DNS updates and other ambiguous addresses.
Measuring BGP RPKI Route Origin Validation	The Border Gateway Protocol (BGP) is the glue that keeps the entire Internet together. However, despite its vital function, BGP wasn’t originally designed to protect against malicious actors or routing mishaps. It has since been updated to account for this shortcoming with the Resource Public Key Infrastructure (RPKI) framework, but can we declare it to be safe yet?

Customer stories

Blog	Summary
Democratizing access to Zero Trust with Project Galileo	Learn how organizations under Project Galileo use Cloudflare Zero Trust to protect their organization from cyberattacks.
Securing the inboxes of democracy	Cloudflare email security worked hard in the 2022 U.S. midterm elections to ensure that the email inboxes of those seeking office were secure.
Expanding Area 1 email security to the Athenian Project	We are excited to share that we have grown our offering under the Athenian Project to include Cloudflare’s Area 1 email security suite to help state and local governments protect against a broad spectrum of phishing attacks to keep voter data safe and secure.
How Cloudflare helps protect small businesses	Large-scale cyber attacks on enterprises and governments make the headlines, but the impacts of cyber conflicts can be felt more profoundly and acutely by small businesses that struggle to keep the lights on during normal times. In this blog, we’ll share new research on how small businesses, including those using our free services, have leveraged Cloudflare services to make their businesses more secure and resistant to disruption.

Internet access

Blog	Summary
Cloudflare expands Project Pangea to connect and protect (even) more community networks	A year and a half ago, Cloudflare launched Project Pangea to help provide Internet services to underserved communities. Today, we’re sharing what we’ve learned by partnering with community networks, and announcing an expansion of the project.
The US government is working on an “Internet for all” plan. We’re on board.	The US government has a $65 billion program to get all Americans on the Internet. It’s a great initiative, and we’re on board.
The Montgomery, Alabama Internet Exchange is making the Internet faster. We’re happy to be there.	Internet Exchanges are a critical part of a strong Internet. Here’s the story of one of them.
Partnering with civil society to track Internet shutdowns with Radar Alerts and API	We want to tell you more about how we work with civil society organizations to provide tools to track and document the scope of these disruptions. We want to support their critical work and provide the tools they need so they can demand accountability and condemn the use of shutdowns to silence dissent.
How Cloudflare helps next-generation markets	At Cloudflare, part of our role is to make sure every person on the planet with an Internet connection has a good experience, whether they’re in a next-generation market or a current-gen market. In this blog we talk about how we define next-generation markets, how we help people in these markets get faster access to the websites and applications they use on a daily basis, and how we make it easy for developers to deploy services geographically close to users in next-generation markets.

Sustainability

Blog	Summary
Independent report shows: moving to Cloudflare can cut your carbon footprint	We didn’t start out with the goal to reduce the Internet’s environmental impact. But as the Internet has become an ever larger part of our lives, that has changed. Our mission is to help build a better Internet — and a better Internet needs to be a sustainable one.
A more sustainable end-of-life for your legacy hardware appliances with Cloudflare and Iron Mountain	We’re excited to announce an opportunity for Cloudflare customers to make it easier to decommission and dispose of their used hardware appliances in a sustainable way. We’re partnering with Iron Mountain to offer preferred pricing and value-back for Cloudflare customers that recycle or remarket legacy hardware through their service.
How we’re making Cloudflare’s infrastructure more sustainable	With the incredible growth of the Internet, and the increased usage of Cloudflare’s network, even linear improvements to sustainability in our hardware today will result in exponential gains in the future. We want to use this post to outline how we think about the sustainability impact of the hardware in our network, and what we’re doing to continually mitigate that impact.
Historical emissions offsets (and Scope 3 sneak preview)	Last year, Cloudflare committed to removing or offsetting the historical emissions associated with powering our network by 2025. We are excited to announce our first step toward offsetting our historical emissions by investing in 6,060 MTs’ worth of reforestation carbon offsets as part of the Pacajai Reduction of Emissions from Deforestation and forest Degradation (REDD+) Project in the State of Para, Brazil.
How we redesigned our offices to be more sustainable	Cloudflare is working hard to ensure that we’re making a positive impact on the environment around us, with the goal of building the most sustainable network. At the same time, we want to make sure that the positive changes that we are making are also something that our local Cloudflare team members can touch and feel, and know that in each of our actions we are having a positive impact on the environment around us. This is why we make sustainability one of the underlying goals of the design, construction, and operations of our global office spaces.
More bots, more trees	Once a year, we pull data from our Bot Fight Mode to determine the number of trees we can donate to our partners at One Tree Planted. It’s part of the commitment we made in 2019 to deter malicious bots online by redirecting them to a challenge page that requires them to perform computationally intensive, but meaningless tasks. While we use these tasks to drive up the bill for bot operators, we account for the carbon cost by planting trees.

Policy

Blog	Summary
The Challenges of Sanctioning the Internet	As governments continue to use sanctions as a foreign policy tool, we think it’s important that policymakers continue to hear from Internet infrastructure companies about how the legal framework is impacting their ability to support a global Internet. Here are some of the key issues we’ve identified and ways that regulators can help balance the policy goals of sanctions with the need to support the free flow of communications for ordinary citizens around the world.
An Update on Cloudflare’s Assistance to Ukraine	On February 24, 2022, when Russia invaded Ukraine, Cloudflare jumped into action to provide services that could help prevent potentially destructive cyber attacks and keep the global Internet flowing. During Impact Week, we want to provide an update on where things currently stand, the role of security companies like Cloudflare, and some of our takeaways from the conflict so far.
Two months later: Internet use in Iran during the Mahsa Amini Protests	A series of protests began in Iran on September 16, following the death in custody of Mahsa Amini — a 22 year old who had been arrested for violating Iran’s mandatory hijab law. The protests and civil unrest have continued to this day. But the impact hasn’t just been on the ground in Iran — the impact of the civil unrest can be seen in Internet usage inside the country, as well.
How Cloudflare advocates for a better Internet	We thought this week would be a great opportunity to share Cloudflare’s principles and our theories behind policy engagement. Because at its core, a public policy approach needs to reflect who the company is through their actions and rhetoric. And as a company, we believe there is real value in helping governments understand how companies work, and helping our employees understand how governments and law-makers work.
Applying Human Rights Frameworks to our approach to abuse	What does it mean to apply human rights frameworks to our response to abuse? As we’ll talk about in more detail, we use human rights concepts like access to fair process, proportionality (the idea that actions should be carefully calibrated to minimize any effect on rights), and transparency.
The Unintended Consequences of blocking IP addresses	This blog dives into a discussion of IP blocking: why we see it, what it is, what it does, who it affects, and why it’s such a problematic way to address content online.

Impact

Blog	Summary
Closing out 2022 with our latest Impact Report	Our Impact Report is an annual summary highlighting how we are trying to build a better Internet and the progress we are making on our environmental, social, and governance priorities.
Working to help the HBCU Smart Cities Challenge	The HBCU Smart Cities Challenge invites all HBCUs across the United States to build technological solutions to solve real-world problems.
Introducing Cloudflare’s Third Party Code of Conduct	Cloudflare is on a mission to help build a better Internet, and we are committed to doing this with ethics and integrity in everything that we do. This commitment extends beyond our own actions, to third parties acting on our behalf. We are excited to share our Third Party Code of Conduct, specifically formulated with our suppliers, resellers and other partners in mind.
The latest from Cloudflare’s seventeen Employee Resource Groups	In this blog post, we highlight a few stories from some of our 17 Employee Resource Groups (ERGs), including the most recent, Persianflare.

What’s next?

That’s it for Impact Week 2022. But let’s keep the conversation going. We want to hear from you!

Visit the Cloudflare Community to share your thoughts about Impact Week 2022, or engage with our team on Facebook, Twitter, LinkedIn, and YouTube.

Or if you’d like to rewatch any Cloudflare TV segments associated with the above stories, visit the Impact Week hub on our website.

Watch on Cloudflare TV

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you’re looking for a new career direction, check out our open positions.

Source :
https://blog.cloudflare.com/everything-you-might-have-missed-during-cloudflares-impact-week-2022/

Microsoft 365 network connectivity test tool

The Microsoft 365 network connectivity test tool is located at https://connectivity.office.com. It’s an adjunct tool to the network assessment and network insights available in the Microsoft 365 admin center under the Health | Connectivity menu.

Important

It’s important to sign in to your Microsoft 365 tenant as all test reports are shared with your administrator and uploaded to the tenant while you are signed in.

Note

The network connectivity test tool supports tenants in WW Commercial but not GCC Moderate, GCC High, DoD or China.

Network insights in the Microsoft 365 Admin Center are based on regular in-product measurements for your Microsoft 365 tenant, aggregated each day. In comparison, network insights from the Microsoft 365 network connectivity test are run locally in the tool.

In-product testing is limited, and running tests local to the user collects more data resulting in deeper insights. Network insights in the Microsoft 365 Admin Center will show that there’s a networking problem at a specific office location. The Microsoft 365 connectivity test can help to identify the root cause of that problem and provide a targeted performance improvement action.

We recommend that these insights be used together where networking quality status can be assessed for each office location in the Microsoft 365 Admin Center and more specifics can be found after deployment of testing based on the Microsoft 365 connectivity test.

What happens at each test step

Office location identification

When you click the Run test button, we show the running test page and identify the office location. You can type in your location by city, state, and country or choose to have it detected for you. If you detect the office location, the tool requests the latitude and longitude from the web browser and limits the accuracy to 300 meters by 300 meters before use. It’s not necessary to identify the location more accurately than the building to measure network performance.

JavaScript tests

After office location identification, we run a TCP latency test in JavaScript and we request data from the service about in-use and recommended Microsoft 365 service front door servers. When these tests are completed, we show them on the map and in the details tab where they can be viewed before the next step.

Download the advanced tests client application

Next, we start the download of the advanced tests client application. We rely on the user to launch the client application and they must also have .NET 6.0 Runtime installed.

There are two parts to the Microsoft 365 network connectivity test: the web site https://connectivity.office.com and a downloadable Windows client application that runs advanced network connectivity tests. Most of the tests require the application to be run. It will populate results back into the web page as it runs.

You’ll be prompted to download the advanced client test application from the web site after the web browser tests have completed. Open and run the file when prompted.

Start the advanced tests client application

Once the client application starts, the web page will update to show this result. Test data will start to be received to the web page. The page updates each time new-data is received and you can review the data as it arrives.

Advanced tests completed and test report upload

When the tests are completed, the web page and the advanced tests client will both show that. If the user is signed in, the test report will be uploaded to the customer’s tenant.

The test report requires authentication to your Microsoft 365 account. Your administrator selects how you can share your test report. The default settings allow for sharing of your reports with other user within your organization and the ReportID link is not available. Reports will expire by default after 90 days.

If you’re signed in when a test report occurs, the report is shared with your administrator.

Test reports (excluding any personal identification) are shared with Microsoft employees. This sharing is enabled by default and can be disabled by your administrator in the Health | Network Connectivity page in the Microsoft 365 Admin Center.

You can choose users to share your report with. Being able to choose is enabled by default, but it can be disabled by your administrator.

Sharing a link to your test results with a user.

You can share your test report with anyone by providing access to a ReportID link. This link generates a URL that you can send to someone so that they can bring up the test report without signing in. This sharing is disabled by default and must be enabled by your administrator.

Network Connectivity Test Results

The results are shown in the Summary and Details tabs. The summary tab shows a map of the detected network perimeter and a comparison of the network assessment to other Microsoft 365 customers nearby. It also allows for sharing of the test report. Here’s what the summary results view looks like:

Network connectivity test tool summary results.

Here’s an example of the details tab output. On the details tab we show a green circle check mark if the result was compared favorably. We show a red triangle exclamation point if the result exceeded a threshold indicating a network insight. The following sections describe each of the details tab results rows and explain the thresholds used for network insights.

Network connectivity test tool example test results.

Your location information

This section shows test results related to your location.

Your location

The user location is detected from the users web browser. It can also be typed in at the user’s choice. It’s used to identify network distances to specific parts of the enterprise network perimeter. Only the city from this location detection and the distance to other network points are saved in the report.

The user office location is shown on the map view.

Network egress location (the location where your network connects to your ISP)

We identify the network egress IP address on the server side. Location databases are used to look up the approximate location for the network egress. These databases typically have an accuracy of about 90% of IP addresses. If the location looked up from the network egress IP address isn’t accurate, this would lead to a false result. To validate if this error is occurring for a specific IP address, you can use publicly accessible network IP address location web sites to compare against your actual location.

Your distance from the network egress location

We determine the distance from that location to the office location. This is shown as a network insight if the distance is greater than 500 miles (800 kilometers) since that is likely to increase the TCP latency by more than 25 ms and may affect user experience.

The map shows the network egress location in relation to the user office location indicating the network backhaul inside of the enterprise WAN.

Implement local and direct network egress from user office locations to the Internet for optimal Microsoft 365 network connectivity. Improvements to local and direct egress are the best way to address this network insight.

Proxy server information

We identify whether proxy server(s) are configured on the local machine to pass Microsoft 365 network traffic in the Optimize category. We identify the distance from the user office location to the proxy servers.

The distance is tested first by ICMP ping. If that fails, we test with TCP ping and finally we look up the proxy server IP address in an IP address location database. We show a network insight if the proxy server is further than 500 miles (800 kilometers) away from the user office location.

Virtual private network (VPN) you use to connect to your organization

This test detects if you’re using a VPN to connect to Microsoft 365. A passing result will show if you have no VPN, or if you have a VPN with recommended split tunnel configuration for Microsoft 365.

VPN Split Tunnel

Each Optimize category route for Exchange Online, SharePoint Online, and Microsoft Teams is tested to see if It’s tunneled on the VPN. A split out workload avoids the VPN entirely. A tunneled workload is sent over the VPN. A selective tunneled workload has some routes sent over the VPN and some split out. A passing result will show if all workloads are split out or selective tunneled.

Customers in your metropolitan area with better performance

Network latency between the user office location and the Exchange Online service is compared to other Microsoft 365 customers in the same metro area. A network insight is shown if 10% or more of customers in the same metro area have better performance. This means their users will have better performance in the Microsoft 365 user interface.

This network insight is generated on the basis that all users in a city have access to the same telecommunications infrastructure and the same proximity to Internet circuits and Microsoft’s network.

Time to make a DNS request on your network

This shows the DNS server configured on the client machine that ran the tests. It might be a DNS Recursive Resolver server however this is uncommon. It’s more likely to be a DNS forwarder server, which caches DNS results and forwards any uncached DNS requests to another DNS server.

This is provided for information only and does not contribute to any network insight.

Your distance from and/or time to connect to a DNS recursive resolver

The in-use DNS Recursive Resolver is identified by making a specific DNS request and then asking the DNS Name Server for the IP Address that it received the same request from. This IP Address is the DNS Recursive Resolver and it will be looked up in IP Address location databases to find the location. The distance from the user office location to the DNS Recursive Resolver server location is then calculated. This is shown as a network insight if the distance is greater than 500 miles (800 kilometers).

The location looked up from the network egress IP Address may not be accurate and this would lead to a false result from this test. To validate if this error is occurring for a specific IP Address, you can use publicly accessible network IP Address location web sites.

This network insight will specifically impact the selection of the Exchange Online service front door. To address this insight local and direct network egress should be a pre-requisite and then DNS Recursive Resolver should be located close to that network egress.

Exchange Online

This section shows test results related to Exchange Online.

Exchange service front door location

The in-use Exchange service front door is identified in the same way that Outlook does this and we measure the network TCP latency from the user location to it. The TCP latency is shown and the in-use Exchange service front door is compared to the list of best service front doors for the current location. This is shown as a network insight if one of the best Exchange service front door(s) isn’t in use.

Not using one of the best Exchange service front door(s) could be caused by network backhaul before the corporate network egress in which case we recommend local and direct network egress. It could also be caused by use of a remote DNS recursive resolver server in which case we recommend aligning the DNS recursive resolver server with the network egress.

We calculate a potential improvement in TCP latency (ms) to the Exchange service front door. This is done by looking at the tested user office location network latency and subtracting the network latency from the current location to the closets Exchange service front door. The difference represents the potential opportunity for improvement.

Best Exchange service front door(s) for your location

This lists the best Exchange service front door locations by city for your location.

Service front door recorded in the client DNS

This shows the DNS name and IP Address of the Exchange service front door server that you were directed to. It’s provided for information only and there’s no associated network insight.

SharePoint Online

This section shows test results related to SharePoint Online and OneDrive.

The service front door location

The in-use SharePoint service front door is identified in the same way that the OneDrive client does and we measure the network TCP latency from the user office location to it.

Download speed

We measure the download speed for a 15 Mb file from the SharePoint service front door. The result is shown in megabytes per second to indicate what size file in megabytes can be downloaded from SharePoint or OneDrive in one second. The number should be similar to one tenth of the minimum circuit bandwidth in megabits per second. For example if you have a 100mbps internet connection, you may expect 10 megabytes per second (10 MBps).

Buffer bloat

During the 15Mb download we measure the TCP latency to the SharePoint service front door. This is the latency under load and it’s compared to the latency when not under load. The increase in latency when under load is often attributable to consumer network device buffers being loaded (or bloated). A network insight is shown for any bloat of 100ms or more.

Service front door recorded in the client DNS

This shows the DNS name and IP Address of the SharePoint service front door server that you were directed to. It’s provided for information only and there’s no associated network insight.

Microsoft Teams

This section shows test results related to Microsoft Teams.

This tests for UDP connectivity to the Microsoft Teams service front door. If this is blocked, then Microsoft Teams may still work using TCP, but audio and video will be impaired. Read more about these UDP network measurements, which also apply to Microsoft Teams at Media Quality and Network Connectivity Performance in Skype for Business Online.

Packet loss

Shows the UDP packet loss measured in a 10-second test audio call from the client to the Microsoft Teams service front door. This should be lower than 1.00% for a pass.

Latency

Shows the measured UDP latency, which should be lower than 100ms.

Jitter

Shows the measured UDP jitter, which should be lower than 30ms.

Connectivity

We test for HTTP connectivity from the user office location to all of the required Microsoft 365 network endpoints. These are published at https://aka.ms/o365ip. A network insight is shown for any required network endpoints, which cannot be connected to.

Connectivity may be blocked by a proxy server, a firewall, or another network security device on the enterprise network perimeter. Connectivity to TCP port 80 is tested with an HTTP request and connectivity to TCP port 443 is tested with an HTTPS request. If there’s no response the FQDN is marked as a failure. If there’s an HTTP response code 407 the FQDN is marked as a failure. If there’s an HTTP response code 403 then we check the Server attribute of the response and if it appears to be a proxy server we mark this as a failure. You can simulate the tests we perform with the Windows command-line tool curl.exe.

We test the SSL certificate at each required Microsoft 365 network endpoint that is in the optimize or allow category as defined at https://aka.ms/o365ip. If any tests do not find a Microsoft SSL certificate, then the encrypted network connected must have been intercepted by an intermediary network device. A network insight is shown on any intercepted encrypted network endpoints.

Where an SSL certificate is found that isn’t provided by Microsoft, we show the FQDN for the test and the in-use SSL certificate owner. This SSL certificate owner may be a proxy server vendor, or it may be an enterprise self-signed certificate.

Network path

This section shows the results of an ICMP traceroute to the Exchange Online service front door, the SharePoint Online service front door, and the Microsoft Teams service front door. It’s provided for information only and there’s no associated network insight. There are three traceroutes provided. A traceroute to outlook.office365.com, a traceroute to the customers SharePoint front end or to microsoft.sharepoint.com if one was not provided, and a traceroute to world.tr.teams.microsoft.com.

Connectivity reports

When you are signed in you can review previous reports that you have run. You can also share them or delete them from the list.

Network health status

This shows any significant health issues with Microsoft’s global network, which might impact Microsoft 365 customers.

Testing from the Command Line

We provide a command line executable that can be used by your remote deployment and execution tools and run the same tests as are available in the Microsoft 365 network connectivity test tool web site.

The command line test tool can be downloaded here: Command Line Tool

You can run it by double clicking the executable in Windows File Explorer, or you can start it from a command prompt, or you can schedule it with task scheduler.

The first time you launch the executable you will be prompted to accept the end user license agreement (EULA) before testing is performed. If you have already read and accepted the EULA you can create an empty file called Microsoft-365-Network-Connectivity-Test-EULA-accepted.txt in the current working directory for the executable process when it is launched. To accept the EULA you can type ‘y’ and press enter in the command line window when prompted.

The executable accepts the following command line parameters:

-h to show a link to this help documentation
-testlist <test> Specifies tests to run. By default only basic tests are run. Valid test names include: all, dnsConnectivityPerf, dnsResolverIdentification, bufferBloat, traceroute, proxy, vpn, skype, connectivity, networkInterface
-filepath <filedir> Directory path of test result files. Allowed value is absolute or relative path of an accessible directory
-city <city> For the city, state, and country fields the specified value will be used if provided. If not provided then Windows Location Services (WLS) will be queried. If WLS fails the location will be detected fromthe machines network egress
-state <state>
-country <country>
-proxy <account> <password> Proxy account name and password can be provided if you require a proxy to access the Internet

Results

Output of results are written to a JSON file in a folder called TestResults which is created in the current working directory of the process unless it already exists. The filename format for the output is connectivity_test_result_YYYY-MM-DD-HH-MM-SS.json. The results are in JSON nodes that match the output shown on the web page for the Microsoft 365 network connectivity test tool web site. A new result file is created each time you run it and the standalone executable does not upload results to your Microsoft tenant for viewing in the Admin Center Network Connectivity pages. Front door codes, longitudes, and latitudes are not included in the result file.

Launching from Windows File Explorer

You can simply double click on the executable to start the testing and a command prompt window will appear.

Launching from the Command Prompt

On a CMD.EXE command prompt window you can type the path and name of the executable to run it. The filename is Microsoft.Connectivity.Test.exe

Launching from Windows Task Scheduler

In Windows Task Scheduler you can add a task to launch the standalone test executable. You should specify the current working directory of the task to be where you have created the EULA accepted file since the executable will block until the EULA is accepted. You cannot interactively accept the EULA if the process is started in the background with no console.

More details on the standalone executable

The commandline tool uses Windows Location Services to find the users City State Country information for determining some distances. If Windows Location Services is disabled in the control panel then user location based assessments will be blank. In Windows Settings “Location services” must be on and “Let desktop apps access your location” must also be on.

The commandline tool will attempt to install the .NET Framework if it is not already installed. It will also download the main testing executable from the Microsoft 365 network connectivity test tool and launch that.

Test using the Microsoft Support and Recovery Assistant

Microsoft Support and Recovery Assistant (Assistant) automates all the steps required to execute the command-line version of the Microsoft 365 network connectivity test tool on a user’s machine and creates a report similar to the one created by the web version of the connectivity test tool. Note, the Assistant runs the command line version of Microsoft 365 network connectivity test tool to produce the same JSON result file, but the JSON file is converted into .CSV file format.

Download and Run the Assistant Here

Viewing Test Results

Reports can be accessed in the following ways:

The reports will be available on the below screen once the Assistant has finished scanning the user’s machine. To access these reports, simply click on the “View log” option to view them.

Microsoft Support and Recovery Assistant wizard.

Connectivity test results and Telemetry data are collected and uploaded to the uploadlogs folder. To access this folder, use one of the following methods:

Open Run (Windows logo key + R), and run the %localappdata%/saralogs/uploadlogs command as follows:

In File Explorer, type C:\Users<UserName>\AppData\Local\saralogs\uploadlogs and press Enter as follows:

Windows Explorer Address Bar for output.

Note: <UserName> is the user’s Windows profile name. To view the information about the test results and telemetry, double-click and open the files.

Types of result files

Microsoft Support and Recovery Assistant creates 2 files:

Network Connectivity Report (CSV) This report runs the raw JSON file against a rule engine to make sure defined thresholds are being met and if they are not met a “warning” or “error” is displayed in the output column of the CSV file. You can view the NetworkConnectivityReport.csv file to be informed about any detected issues or defects. Please see What happens at each test step for details on each test and the thresholds for warnings.
Network Connectivity Scan Report (JSON) This file provides the raw output test results from the command-line version of the Microsoft 365 network connectivity test tool (MicrosoftConnectivityTest.exe).

FAQ

Here are answers to some of our frequently asked questions.

What is required to run the advanced test client?

The advanced test client requires .NET 6.0 Runtime. If you run the advanced test client without that installed you will be directed to the .NET 6.0 installer page. Be sure to install from the Run desktop apps column for Windows. Administrator permissions on the machine are required to install .NET 6.0 Runtime.

The advanced test client uses SignalR to communicate to the web page. For this you must ensure that TCP port 443 connectivity to connectivity.service.signalr.net is open. This URL isn’t published in the https://aka.ms/o365ip because that connectivity isn’t required for a Microsoft 365 client application user.

What is Microsoft 365 service front door?

The Microsoft 365 service front door is an entry point on Microsoft’s global network where Office clients and services terminate their network connection. For an optimal network connection to Microsoft 365, It’s recommended that your network connection is terminated into the closest Microsoft 365 front door in your city or metro.

Note

Microsoft 365 service front door has no direct relationship to the Azure Front Door Service product available in the Azure marketplace.

What is the best Microsoft 365 service front door?

A best Microsoft 365 service front door (formerly known as an optimal service front door) is one that is closest to your network egress, generally in your city or metro area. Use the Microsoft 365 network performance tool to determine location of your in-use Microsoft 365 service front door and the best service front door(s). If the tool determines your in-use front door is one of the best ones, then you should expect great connectivity into Microsoft’s global network.

What is an internet egress location?

The internet egress Location is the location where your network traffic exits your enterprise network and connects to the Internet. This is also identified as the location where you have a Network Address Translation (NAT) device and usually where you connect with an Internet Service Provider (ISP). If you see a long distance between your location and your internet egress location, then this may identify a significant WAN backhaul.

Network connectivity in the Microsoft 365 Admin Center

Microsoft 365 network performance insights

Microsoft 365 network assessment

Microsoft 365 Network Connectivity Location Services

Source :
https://learn.microsoft.com/en-us/Microsoft-365/Enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide

How to Protect Your Microsoft Exchange Server 2019 with CrowdSec

Follow this step-by-step guide on installing CrowdSec on a Microsoft Exchange server to better protect against common cyberattacks and new threats.

This article is a direct translation of Florian Burnel’s article published on IT Connect. You can find the original article here.

We also have an article on installing CrowdSec on a Windows server with a tutorial on blocking brute force attacks on an RDP connection and blocking a scan of a website hosted on an IIS server.

I. Presentation

In this tutorial, we will dive into how to secure a Microsoft Exchange mail server with the CrowdSec collaborative firewall! Installing CrowdSec on a Microsoft Exchange server will allow you to protect against common attacks but also new threats.

A good example is the security breach ProxyNotShell which made headlines in October 2022: CrowdSec can detect exploit attempts and block malicious IP addresses, thanks to the fact that it contains a collection for IIS and attacks based on HTTP/HTTPS protocols. Other examples are more classic cases: brute force attacks on the Exchange webmail interface.

Due to how it functions, an Exchange server will be exposed to the Internet depending on the architecture of your IS (for example, the presence or absence of a reverse proxy). However, it must be able to communicate outward and also be reachable from the outside to send and receive emails to your users’ mailboxes.

This same server is also reachable through Webmail which allows users to check their emails from a browser. This implies the presence of an IIS web server that hosts both Webmail and Exchange Admin Center. Furthermore, when an Exchange server is compromised by a cyberattack, this mainly involves HTTP/HTTPS access: hence the interest in protecting yourself.

This article is a continuation of my first article on installing an Exchange Server 2019 server. For the installation of the Microsoft Exchange Server itself, I invite you to read my previous tutorial.

In addition, I also encourage you to restrict access to the Exchange admin center.

II. Setting up CrowdSec on Windows

A. Installing the CrowdSec Agent

I already wrote about how to install CrowdSec on Windows in a previous article, but that was the Alpha version. Now, the CrowdSec agent for Windows is available in a stable version, which means that it is ready to be implemented in production.

Note: if you have previously installed the alpha version on your server, you must uninstall it before installing this new CrowdSec version.

First, you must download the MSI package from the official CrowdSec GitHub repository.

While it is installing, the CrowdSec MSI package will perform the following actions:

Install CrowdSec itself
Integrate the Windows Collection (details are available here)
Register the CrowdSec instance with the Central API
Register the CrowdSec service within Windows (automatic start)

Once done, begin the installation. Just follow the steps without making any changes. Then, allow about 2 minutes for the Agent to fully install.

Install CrowdSec on Windows for Exchange Server

As soon as the CrowdSec Agent is in place, we have access to the “cscli” command line which allows you to manage your CrowdSec instance from it.

To list current collections:

cscli collections list

To list the current bouncers (none by default):

cscli bouncers list

CrowdSec Windows - List collections and bouncers

B. Installing the ISS Collection

On Windows, CrowdSec natively sets up the “crowdsecurity/windows“, but it is not enough to protect your Exchange server. We will need to add the IIS collection, which will also add two more collections to detect web attacks.

This collection is installed from this command:

cscli collections install crowdsecurity/iis

In just a few seconds after adding, we can list the installed collections to see the presence of the new collections.

CrowdSec Windows - Lister les collections

To justify what I said in the introduction about the ProxyNotShell vulnerability, we can look at the details of the “crowdsecurity/http-cve” collection. Here, we can see the presence of a detection scenario named “crowdsecurity/CVE-2022-41082” corresponding to this vulnerability.

cscli collections inspect crowdsecurity/http-cve

CrowdSec Windows - http-cve collection details

Let’s go to the next step.

C. Installing Windows Firewall Bouncer

Now, we must set up the “firewall” bouncer for Windows, otherwise, attacks will be detected, but not blocked. Click on the following link, then on the “Download” button to download the MSI package: https://hub.crowdsec.net/author/crowdsecurity/bouncers/cs-windows-firewall-bouncer

The installation is done in only a few clicks: just follow the wizard.

CrowdSec Windows - Installation du bouncer firewall

Once done, the command below will make it possible to see the presence of the bouncer.

cscli bouncers list

Let’s go to the next step.

D. Add IIS log support

For CrowdSec to focus on the logs generated by IIS, and by extension, corresponding to the access to the OWA and ECP portals of Exchange, we must indicate to it the paths to the log files it will analyze.

To do this, you will need to edit the following:

C:\ProgramData\CrowdSec\config\acquis.yaml

In order to add the following lines:

---
use_time_machine: true
filenames:
  - C:\inetpub\logs\LogFiles\*\*.log
labels:
  type: iis

You can see the presence of a “dynamic” path which is characterized by the presence of the wildcard character: “C:\inetpub\logs\LogFiles\*\*.log “. This value will allow CrowdSec to find and read log files located in the tree “C:\inetpub\logs\LogFiles\

In addition to the path to the log files, this configuration block we just added contains a parameter named use_time_machine. It is important because IIS does not write logs in real-time in the log file, but it writes new events in blocks, every minute. Thanks to this parameter, CrowdSec will read the date and time of each line to find its way and process the events chronologically, this avoids false positives.

However, if you are not using the log files, but the event viewer, you should use this piece of code and not the one mentioned above:

---
source: wineventlog
event_channel: Microsoft-IIS-Logging/Logs
event_ids:  - 6200
event_level: information
labels:  
type: iis

Save the acquired.yaml file and you can close it.

Finally, we need to restart CrowdSec. This operation is done in PowerShell with this command:

Restart-Service crowdsec

CrowdSec setup is complete! Now let’s test it!

III. Is the Exchange server protected?

A. Brute force on OWA – Webmail Exchange

There are several possible methods to perform a brute force attack on OWA. Of course, you could do this manually for testing, but you could also use something a bit more automated to simulate a brute-force attack. As for us, we will use a Bash script named “OWA BRUTE” that executes Hydra (an offensive tool compatible with many protocols to test a service’s authentication, equipment, etc. ) with specific parameters corresponding to Outlook Web Access.

The script is available on GitHub.

First, we need to install Hydra and Git. The first one is a prerequisite to use the script and perform our attack, while the second one will be used to clone the GitHub repository to get the Bash script (you can also copy and paste the script in a file…).

sudo apt-get update

sudo apt-get install hydra git

Once this is done, we clone the GitHub project in “/home/florian”:

cd /home/florian/

git clone

Then, we create a file “users.txt” in which we indicate some names of users. You can also recover a list on the Internet.

nano /home/florian/owabrute/users.txt

In the same sense, we create a file “passwords.txt” with the passwords to test.

nano /home/florian/owabrute/passwords.txt

Then, we move to the OWA BRUTE directory to add the execution rights on the Bash script.

cd /home/florian/owabrute/

chmod +x owabrute.sh

All that remains is to launch the attack by targeting “mail.domaine.fr” and then using our previously created files.

./owabrute.sh -d mail.domaine.fr -u ./users.txt -p ./passwords.txt

‍

We can see that the script will test each combination. At the end, it will indicate if it has succeeded or not in finding a valid combination. However, CrowdSec will intervene…

We can see that the script will test each combination, in turn. In the end, it will indicate whether or not it succeeded in finding a valid combination. However, CrowdSec will intervene....

Indeed, if I look at my Exchange server, I can see that there is a new IP address blocked because of brute force (“crowdsecurity/windows-bf”). The CrowdSec agent has correctly blocked the IP address that caused this attack.

Since we are here to test, we can unblock our IP address manually:

cscli decisions delete –ip X.X.X.X

Let’s move on to a second test.

B. Scan Web on OWA

In the case where someone tries to scan your Web server, when IIS is used by Exchange, they can rely on various tools including Nikto which is used to analyze the security level of a Web server. For this example, OWA will be scanned with the Nikto tool: we will see if CrowdSec detects what is happening on the IIS server…

First of all, let’s install this tool:

sudo apt-get update

sudo apt-get install nikto

Then, we launch the scan to webmail:

nikto -h https://mail.domaine.fr/owa

The analysis will take several minutes…

…Except that after a while, CrowdSec will realize that this web client is performing suspicious actions and it will decide to block it. In the example below, we can see the reason “http-sensitive-files” which means that the client tried to access sensitive files.

In this second example, where we performed a completely different action compared to the first attempt, CrowdSec also managed to detect our malicious actions.

IV. Conclusion

We have just seen how to set up the CrowdSec agent on Windows to protect a Microsoft Exchange mail server! Here, I took the example of Exchange Server 2019, but it also applies to previous versions. With these two quick, but concrete examples, we could see the efficiency of CrowdSec!

‍

I’ll also take this moment to remind you of the existence of the CrowdSec Console which allows you to follow the alerts raised by one or more CrowdSec Agents from a web-based console. To learn more about the implementation and all the functionalities, you can visit the Console page.

WRITTEN BY

Florian Burnel

Source :
https://www.crowdsec.net/blog/how-to-protect-microsoft-exchange-server-crowdsec

How we evaluate and test apps

A to-do list like Todoist

A calendar like Google Calendar

A note-taking app like OneNote

A distraction blocker like Freedom

A habit tracker like Streaks or HabitNow

An app to save things for later like Pocket

A screen recording tool like Loom

Other productivity tools worth checking out

The best to-do list apps

What makes the best to-do list app?

How we evaluate and test apps

Best to-do list app for balancing power and simplicity

Add new Google Calendar events to Todoist as tasks

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Add new Trello cards to Todoist as tasks

Best to-do list app with embedded calendars and timers

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Generate TickTick tasks from new Facebook Leads

Generate TickTick tasks from new HubSpot deals

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Create Workboard action items from new tasks in Microsoft To-Do

Send direct Slack messages with new Microsoft To-Do lists

Create Microsoft To-Do tasks from new Salesforce leads

The best to-do list app with elegant design

Add saved Slack messages to Things as to-dos

Add new Trello cards to Things as to-dos

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Best to-do list app for users with a very specific organizational system

Create OmniFocus tasks from new saved Slack messages

Create OmniFocus tasks for new starred emails on Gmail

Create OmniFocus tasks from new or moved Trello cards

Best to-do list app for making doing things fun

Best to-do list app for Google power users

Create Trello cards from new Google Tasks tasks

Add new Google Tasks to Todoist as tasks

Add Google Tasks tasks for new Google Calendar events

Best to-do list app for people who forget to use to-do apps

Add Evernote reminders to Any.do as tasks

Create tasks in Any.do for new saved messages in Slack

Add new incomplete Todoist tasks to Any.do

Other to-do list options

Community

Organization

Clients

How to use TLP in email

How to use TLP in documents

How are sensitivity labels applied?

Outlook

Word, Excel, PowerPoint

Automatically applied (or recommended) labels

How do I know what label is currently applied?

Outlook is a bit different

What happens when I apply a sensitivity label?

Justify changes to sensitivity label

See also

How to change case in Word

How to change case in Excel

How to capitalize text in Google Docs

How to capitalize text on macOS

How to capitalize text in Sublime Text

How to convert case online

Automatically convert text case with Zapier

Increase in digital supply chain attacks #

Mobile-specific cyber threats are on-the-rise#

Double down on cloud security #

Ransomware-as-a-Service is here to stay #

Data privacy laws are getting stricter—get ready #

Related Articles:

Product announcements

Technical deep dives

Customer stories

Internet access

Sustainability

Policy

Impact

What’s next?

Watch on Cloudflare TV

What happens at each test step

Office location identification