www.microsoft.com (2600:1408:ec00:1084::356e) – Public Scan
Submitted URL: https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
Effective URL: https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
Submission: On January 13 via api from DE — Scanned from US
Form analysis: 2 forms found in the DOM (searchForm – GET https://www.microsoft.com/en-us/security/site-search; searchform-1 – https://www.microsoft.com/en-us/security/blog/)
Text Content
Research / Threat intelligence / Ransomware / 8 min read

NEW “PRESTIGE” RANSOMWARE IMPACTS ORGANIZATIONS IN UKRAINE AND POLAND

By Microsoft Threat Intelligence, October 14, 2022
Tags: Ransomware, Threat actors, Blizzard, Credential theft

> April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. IRIDIUM is now tracked as Seashell Blizzard.
>
> To learn about how the new taxonomy represents the origin, unique traits, and impact of threat actors, and to get a complete mapping of threat actor names, read this blog: Microsoft shifts to a new threat actor naming taxonomy.
>
> November 10, 2022 update: MSTIC has updated this blog to document assessed attribution of DEV-0960 as IRIDIUM, the actor that executed the Prestige ransomware-style attacks.

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in attacks occurring within an hour of each other across all victims.

ATTRIBUTION TO IRIDIUM

As of November 2022, MSTIC assesses that IRIDIUM very likely executed the Prestige ransomware-style attack.
IRIDIUM is a Russia-based threat actor tracked by Microsoft, publicly overlapping with Sandworm, that has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war. This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known IRIDIUM activity. Review of technical artifacts available to Microsoft links IRIDIUM to interactive compromise activity at multiple Prestige victims as far back as March 2022 and continuing within the week leading up to the October 2022 attack discussed in the blog below.

The Prestige campaign may highlight a measured shift in IRIDIUM’s destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine. More broadly, it may represent an increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war.

Microsoft would like to acknowledge CERT UA for their cooperation and information sharing to assist in our investigations. CERT UA continues to demonstrate incredible resolve and commitment to security despite physical danger.
OBSERVED ACTOR ACTIVITY

This ransomware campaign had several notable features that differentiate it from other Microsoft-tracked ransomware campaigns:

* The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks
* The Prestige ransomware had not been observed by Microsoft prior to this deployment
* The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)

Despite using similar deployment techniques, the campaign is distinct from recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks. MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations. MSTIC is tracking this activity as IRIDIUM.

This blog aims to provide awareness and indicators of compromise (IOCs) to Microsoft customers and the larger security community. Microsoft continues to monitor this and is in the process of early notification to customers impacted by IRIDIUM but not yet ransomed. MSTIC is also actively working with the broader security community and other strategic partners to share information that can help address this evolving threat through multiple channels.
PRE-RANSOMWARE ACTIVITIES

Prior to deploying ransomware, the IRIDIUM activity included the use of the following two remote execution utilities:

* RemoteExec – a commercially available tool for agentless remote code execution
* Impacket WMIexec – an open-source script-based solution for remote code execution

To gain access to highly privileged credentials, in some of the environments, IRIDIUM used these tools for privilege escalation and credential extraction:

* winPEAS – an open-source collection of scripts to perform privilege escalation on Windows
* comsvcs.dll – used to dump the memory of the LSASS process and steal credentials
* ntdsutil.exe – used to back up the Active Directory database, likely for later extraction of credentials

RANSOMWARE DEPLOYMENT

In all observed deployments, the attacker had already gained access to highly privileged credentials, like Domain Admin, to facilitate the ransomware deployment. The initial access vector has not been identified at this time, but in some instances it’s possible that the attacker might have already had existing access to the highly privileged credentials from a prior compromise. In these instances, the attack timeline starts with the attacker already having Domain Admin-level access and staging their ransomware payload.

Most ransomware operators develop a preferred set of tradecraft for their payload deployment and execution, and this tradecraft tends to be consistent across victims, unless a security configuration prevents their preferred method. For this IRIDIUM activity, the methods used to deploy the ransomware varied across the victim environments, but it does not appear to be due to security configurations preventing the attacker from using the same techniques. This is especially notable as the ransomware deployments all occurred within one hour.
The distinct methods for ransomware deployment were:

* Method 1: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely create a Windows Scheduled Task on target systems to execute the payload
* Method 2: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely invoke an encoded PowerShell command on target systems to execute the payload
* Method 3: The ransomware payload is copied to an Active Directory Domain Controller and deployed to systems using the Default Domain Group Policy Object

MALWARE ANALYSIS

The “Prestige” ransomware requires administrative privileges to run. Like many ransomware payloads, it attempts to stop the MSSQL Windows service to ensure successful encryption using the following command (the strings “C:\Windows\System32\net.exe stop” and “MSSQLSERVER” are both hardcoded in the analyzed samples):

[Image in the original post: the service-stop command]

Prestige creates C:\Users\Public\README and stores the following ransom note in the file. The same file is also created in the root directory of each drive:

[Image in the original post: Prestige ransom note]

Prestige then traverses the files on the file system and encrypts the contents of files that have one of the following hardcoded file extensions, avoiding files in the C:\Windows\ and C:\ProgramData\Microsoft\ directories:

[Image in the original post: list of targeted file extensions]

After encrypting each file, the ransomware appends the extension .enc to the existing extension of the file. For example, changes.txt is encrypted and then renamed to changes.txt.enc.

Prestige uses the following two commands to register a custom file extension handler for files with the .enc file extension:

[Image in the original post: custom file extension handler for files with .enc extension]

As a result of creating the custom file extension handler, when any file carrying the file extension .enc (i.e., encrypted by Prestige) is opened by a user, the file extension handler uses Notepad to open C:\Users\Public\README, which contains the ransom note.
To encrypt files, Prestige leverages the CryptoPP C++ library to AES-encrypt each eligible file. During the encryption process, the following hardcoded RSA X509 public key is used by one version of the ransomware (each version of Prestige may carry a unique public key):

[Image in the original post: hardcoded RSA public key]

To hinder system and file recovery, Prestige runs the following command to delete the backup catalog from the system:

[Image in the original post: backup catalog deletion command]

Prestige also runs the following command to delete all volume shadow copies on the system:

[Image in the original post: volume shadow copy deletion command]

Before running the commands above, the 32-bit version of Prestige calls the function Wow64DisableWow64FsRedirection() to disable file system redirection and gain access to the native System32 directory. After running the commands above, Prestige restores file system redirection by calling the function Wow64RevertWow64FsRedirection().

Microsoft will continue to monitor IRIDIUM activity and implement protections for our customers. The current detections, advanced detections, and IOCs in place across our security products are detailed below.

LOOKING FORWARD

The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme. Ransomware and wiper attacks rely on many of the same security weaknesses to succeed. As the situation evolves, organizations can adopt the hardening guidance below to help build more robust defenses against these threats.

RECOMMENDED CUSTOMER ACTIONS

The ransomware payload was deployed by the actor after an initial compromise that involved gaining access to highly privileged credentials. The techniques used by the actor and described in the “Observed Actor Activity” section can be mitigated by adopting the security considerations provided below:

* Block process creations originating from PSExec and WMI commands to stop lateral movement utilizing the WMIexec component of Impacket.
* Enable Tamper protection to prevent attacks from stopping or interfering with Microsoft Defender.
* Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.
* While this attack differs from traditional ransomware, following our defending against ransomware guidance helps protect against the credential theft, lateral movement, and ransomware deployment used by IRIDIUM.
* Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
* Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity, including VPNs. Microsoft strongly encourages all customers to download and use password-less solutions like Microsoft Authenticator to secure your accounts.

INDICATORS OF COMPROMISE (IOCS)

The following table lists the IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protections to identify past related activity and prevent future attacks against their systems.

Indicator | Type | Description
5dd1ca0d471dee41eb3ea0b6ea117810f228354fc3b7b47400a812573d40d91d | SHA-256 | Prestige ransomware payload
5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57 | SHA-256 | Prestige ransomware payload
6cff0bbd62efe99f381e5cc0c4182b0fb7a9a34e4be9ce68ee6b0d0ea3eee39c | SHA-256 | Prestige ransomware payload
a32bbc5df4195de63ea06feb46cd6b55 | Import hash | Unique PE import hash shared by ransomware payloads
C:\Users\Public\README | File path | File path of the ransom note

NOTE: These indicators should not be considered exhaustive for this observed activity.
DETECTIONS

MICROSOFT 365 DEFENDER

Microsoft Defender Antivirus

Microsoft Defender Antivirus detects known Prestige ransomware payloads with the following detection:

* Ransom:Win32/Prestige

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint provides alerts for the indicators used by IRIDIUM discussed above.

* Ransomware-linked emerging threat activity group IRIDIUM detected

Microsoft Defender for Endpoint also provides alerts for the pre-ransom techniques discussed above. Customers should act on these alerts as they indicate hands-on-keyboard attacks. NOTE: These alerts are not uniquely tied to the Prestige ransomware nor to the campaign discussed.

* Ongoing hands-on-keyboard attack via Impacket toolkit
* WinPEAS tool detected
* Sensitive credential memory read
* Password hashes dumped from LSASS memory
* Suspicious scheduled task activity
* System recovery setting tampering
* File backups were deleted

ADVANCED HUNTING QUERIES

MICROSOFT SENTINEL

Prestige ransomware file hashes

This query looks for file hashes and Microsoft Defender Antivirus detections associated with the Prestige ransomware payload.
* https://github.com/Azure/Azure-Sentinel/tree/master/Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml

MICROSOFT 365 DEFENDER

Impacket WMIexec usage

This query surfaces Impacket WMIexec usage on a device (the UNC path in the first has_all term is the loopback ADMIN$ output redirect that WMIexec writes command output to):

DeviceProcessEvents
| where Timestamp >= ago(7d)
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has_all (@" 1> \\127.0.0.1\", "/Q ", "/c ", @" 2>&1")
| where InitiatingProcessFileName =~ "WmiPrvSE.exe"

This query has the same purpose as above, but it also groups all the commands launched using Impacket WMIexec on the device:

DeviceProcessEvents
| where Timestamp >= ago(7d)
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has_all (@" 1> \\127.0.0.1\", "/Q ", "/c ", @" 2>&1")
| where InitiatingProcessFileName =~ "WmiPrvSE.exe"
| project DeviceName, DeviceId, Timestamp, ProcessCommandLine
| summarize make_set(ProcessCommandLine), min(Timestamp), max(Timestamp) by DeviceId, DeviceName

LSASS process memory dumping

This query surfaces attempts to dump the LSASS process memory using comsvcs.dll. The final filter excludes command lines that carry both a GUID and a dd_dd_dd_ timestamp, the shape of legitimate crash-dump invocations:

let startTime = ago(7d);
let endTime = now();
DeviceProcessEvents
| where Timestamp between (startTime..endTime)
| where FileName =~ 'rundll32.exe' and ProcessCommandLine has 'comsvcs.dll' and ProcessCommandLine has_any ('full','MiniDump')
| where not (ProcessCommandLine matches regex @'{[\w\d]{8}-[\w\d]{4}-[\w\d]{4}-[\w\d]{4}-[\w\d]{12}}' and ProcessCommandLine matches regex @'(\d{2}_){3}')
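The two Microsoft 365 Defender hunting queries above express the same logic in KQL; the following is an added example (not code from Microsoft or the original post) that re-implements both rules in Python so they can be run offline over exported process telemetry, for instance when triaging an environment that has no Defender advanced hunting access. The `ProcessEvent` record, the rule functions and the `SAMPLE_EVENTS` telemetry are all constructed for this example; the sample events are not indicators from the report. KQL's `has_all`/`has_any` match whole terms case-insensitively, which the code approximates with case-insensitive substring tests (a slightly broader match, noted in the comments).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set


# Minimal stand-in for the DeviceProcessEvents columns the two hunting queries use.
@dataclass(frozen=True)
class ProcessEvent:
    device_name: str          # DeviceName
    file_name: str            # FileName
    command_line: str         # ProcessCommandLine
    initiating_process: str   # InitiatingProcessFileName


def _contains(haystack: str, needle: str) -> bool:
    """Case-insensitive substring test; approximates KQL's term-based has_all/has_any."""
    return needle.lower() in haystack.lower()


# Fingerprint from the Impacket WMIexec query: cmd.exe spawned by WmiPrvSE.exe whose
# command line carries all four fragments (quiet/command flags plus the loopback
# ADMIN$ output redirect). Python escaping: " 1> \\\\127.0.0.1\\" is the text  1> \\127.0.0.1\
WMIEXEC_TERMS = (" 1> \\\\127.0.0.1\\", "/Q ", "/c ", " 2>&1")


def is_impacket_wmiexec(ev: ProcessEvent) -> bool:
    return (
        ev.file_name.lower() == "cmd.exe"
        and ev.initiating_process.lower() == "wmiprvse.exe"
        and all(_contains(ev.command_line, term) for term in WMIEXEC_TERMS)
    )


# Exclusion from the LSASS query: a GUID together with a dd_dd_dd_ timestamp in the
# command line is the shape of legitimate crash-dump invocations, which the query drops.
GUID_RE = re.compile(r"\{[\w\d]{8}-[\w\d]{4}-[\w\d]{4}-[\w\d]{4}-[\w\d]{12}\}")
TIMESTAMP_RE = re.compile(r"(\d{2}_){3}")


def is_comsvcs_lsass_dump(ev: ProcessEvent) -> bool:
    cl = ev.command_line
    if ev.file_name.lower() != "rundll32.exe":
        return False
    if not _contains(cl, "comsvcs.dll"):
        return False
    if not (_contains(cl, "full") or _contains(cl, "MiniDump")):
        return False
    if GUID_RE.search(cl) and TIMESTAMP_RE.search(cl):
        return False  # benign crash-dump shape
    return True


def hunt(events: List[ProcessEvent]) -> Dict[str, List[ProcessEvent]]:
    """Run both rules over a batch of events and return the hits per rule."""
    hits: Dict[str, List[ProcessEvent]] = {"impacket_wmiexec": [], "lsass_dump": []}
    for ev in events:
        if is_impacket_wmiexec(ev):
            hits["impacket_wmiexec"].append(ev)
        if is_comsvcs_lsass_dump(ev):
            hits["lsass_dump"].append(ev)
    return hits


def wmiexec_by_device(events: List[ProcessEvent]) -> Dict[str, Set[str]]:
    """Equivalent of the second query's summarize make_set(ProcessCommandLine) by device."""
    grouped: Dict[str, Set[str]] = {}
    for ev in hunt(events)["impacket_wmiexec"]:
        grouped.setdefault(ev.device_name, set()).add(ev.command_line)
    return grouped


# Constructed sample telemetry (not from the report): two WMIexec-shaped commands on WS01,
# two cmd.exe launches that must not match, one comsvcs.dll LSASS dump on DC01, and one
# crash-dump-shaped line on WS03 that the GUID/timestamp exclusion must drop.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", "cmd.exe",
                 r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1665734400.12 2>&1", "WmiPrvSE.exe"),
    ProcessEvent("WS01", "cmd.exe",
                 r"cmd.exe /Q /c net user 1> \\127.0.0.1\ADMIN$\__1665734401.44 2>&1", "WmiPrvSE.exe"),
    ProcessEvent("WS02", "cmd.exe", r"cmd.exe /c dir C:\Users", "explorer.exe"),
    ProcessEvent("WS02", "cmd.exe", r"cmd.exe /c ipconfig", "WmiPrvSE.exe"),
    ProcessEvent("DC01", "rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\Users\Public\l.dmp full",
                 "cmd.exe"),
    ProcessEvent("WS03", "rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 4420 "
                 r"C:\ProgramData\Microsoft\Windows\WER\Temp\{3f2504e0-4f89-11d3-9a0c-0305e82c3301}_12_34_56_app.dmp full",
                 "WerFault.exe"),
]

if __name__ == "__main__":
    for rule, evs in hunt(SAMPLE_EVENTS).items():
        print(rule, [e.device_name for e in evs])
    print(wmiexec_by_device(SAMPLE_EVENTS))
```

Run it as a script to see the per-rule hits; in practice `SAMPLE_EVENTS` would be replaced by rows exported from `DeviceProcessEvents` or an EDR of your choice, and the seven-day `Timestamp` window from the KQL would be applied when selecting those rows.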