enterprise and server use of bitlocker™ drive encryption stephen heil technical evangelist windows...
Post on 19-Dec-2015
219 Views
Preview:
TRANSCRIPT
Enterprise And Server Enterprise And Server Use Of BitLocker™ Use Of BitLocker™ Drive EncryptionDrive Encryption
Stephen HeilStephen HeilTechnical EvangelistTechnical EvangelistWindows Core OSWindows Core OSMicrosoft CorporationMicrosoft Corporation
Xian KeXian KeProgram ManagerProgram ManagerWindows System IntegrityWindows System IntegrityMicrosoft CorporationMicrosoft Corporation
AgendaAgenda
Remote and branch office server scenariosRemote and branch office server scenarios
BitLocker™ Drive Encryption overviewBitLocker™ Drive Encryption overview
Protection and recovery scenariosProtection and recovery scenarios
DemoDemo
Management scenariosManagement scenarios
Management featuresManagement features
Enterprise concernsEnterprise concerns
BitLocker™ requirements for Windows BitLocker™ requirements for Windows Server codenamed “Longhorn” Server codenamed “Longhorn”
SummarySummary
The U.S. Dept of Justice estimates that intellectual The U.S. Dept of Justice estimates that intellectual property theft cost enterprises $250 billion in 2004property theft cost enterprises $250 billion in 2004Loss of revenue, market capitalization, and Loss of revenue, market capitalization, and competitive advantagecompetitive advantage
The U.S. Dept of Justice estimates that intellectual The U.S. Dept of Justice estimates that intellectual property theft cost enterprises $250 billion in 2004property theft cost enterprises $250 billion in 2004Loss of revenue, market capitalization, and Loss of revenue, market capitalization, and competitive advantagecompetitive advantage
Information Loss is CostlyInformation Loss is CostlyInformation loss – whether via theft or accidental Information loss – whether via theft or accidental leakage – is costly on several levelsleakage – is costly on several levels
Leaked executive e-mails can be embarrassingLeaked executive e-mails can be embarrassingUnintended forwarding of sensitive information can Unintended forwarding of sensitive information can adversely impact the company’s image and/or adversely impact the company’s image and/or credibilitycredibility
Leaked executive e-mails can be embarrassingLeaked executive e-mails can be embarrassingUnintended forwarding of sensitive information can Unintended forwarding of sensitive information can adversely impact the company’s image and/or adversely impact the company’s image and/or credibilitycredibility
Increasing regulation: SOX, HIPAA, GLBAIncreasing regulation: SOX, HIPAA, GLBABringing a company into compliance can be complex Bringing a company into compliance can be complex and expensiveand expensiveNon-compliance can lead to significant legal fees, Non-compliance can lead to significant legal fees, fines and/or settlementsfines and/or settlements
Increasing regulation: SOX, HIPAA, GLBAIncreasing regulation: SOX, HIPAA, GLBABringing a company into compliance can be complex Bringing a company into compliance can be complex and expensiveand expensiveNon-compliance can lead to significant legal fees, Non-compliance can lead to significant legal fees, fines and/or settlementsfines and/or settlements
FinancialFinancialFinancialFinancial
Image & Image & CredibilityCredibilityImage & Image &
CredibilityCredibility
Legal & Legal & Regulatory Regulatory ComplianceCompliance
Legal & Legal & Regulatory Regulatory ComplianceCompliance
Branch Office ChallengesBranch Office Challenges
Theft of server and/or its hard drivesTheft of server and/or its hard drives
Re-provision or decommission of serverRe-provision or decommission of serveror its hard drivesor its hard drives
Data theft via disk cloning by maintenance Data theft via disk cloning by maintenance and outsourcing techniciansand outsourcing technicians
Secure deployment of a fully configured Secure deployment of a fully configured machine shipped to remote locationmachine shipped to remote location
Data-at-rest on Branch Office Servers Data-at-rest on Branch Office Servers needs protection!needs protection!
Branch Office ServerBranch Office ServerClass SystemsClass Systems
More than 25% of Windows Servers are installed More than 25% of Windows Servers are installed in branch offices and remote locations where in branch offices and remote locations where physical security may be laxphysical security may be lax
RetailRetail
FinanceFinance
InsuranceInsurance
Typical hardwareTypical hardware1P and 2P pedestal systems1P and 2P pedestal systems
RAIDRAID
BitLockerBitLocker™™ And TPM Features And TPM Features
BitLocker™ Drive EncryptionBitLocker™ Drive EncryptionEncrypts entire volumeEncrypts entire volume
Uses Trusted Platform Uses Trusted Platform Module (TPM) v1.2 to validate Module (TPM) v1.2 to validate pre-OS componentspre-OS components
Customizable protection and Customizable protection and authentication methodsauthentication methods
Pre-OS ProtectionPre-OS ProtectionUSB startup key, PIN, and USB startup key, PIN, and TPM-backed authenticationTPM-backed authentication
Single Microsoft TPM DriverSingle Microsoft TPM DriverImproved stability and securityImproved stability and security
TPM Base Services (TBS) TPM Base Services (TBS) Enables third party applicationsEnables third party applications
Active Directory BackupActive Directory BackupAutomated key backup to Automated key backup to AD serverAD server
Group Policy supportGroup Policy support
Scriptable InterfacesScriptable InterfacesTPM managementTPM management
BitLocker™ managementBitLocker™ management
Command-line toolCommand-line tool
1-Factor TPM-Only 1-Factor TPM-Only Protection ScenarioProtection Scenario
Transparently Transparently validates earlyvalidates earlyboot componentsboot componentson OS startupon OS startup
Best ease of useBest ease of use
Protects againstProtects againstSW-only attacksSW-only attacks
Vulnerable toVulnerable tosome HW attackssome HW attacks
Cleartext data
Volume Encryption Key
(FVEK)
Decryption performed on
data using FVEK
Unseal performed on VMK by TPM
Da
ta
FVEK
TPM
VM
K
En
cryp
ted
Dis
k S
ect
ors
Encrypted Volume
---------------------------
Disk
Cleartext data
Volume Encryption Key
(FVEK)
Decryption performed on
data using FVEK
Unseal performed on
VMK D
ata
FVEK
TPM
TPM Key
VM
K
Enc
rypt
ed D
isk
Sec
tors
Encrypted Volume
PIN
---------------------------
2-Factor TPM+PIN2-Factor TPM+PINProtection ScenarioProtection Scenario
Must enter 4-20Must enter 4-20digit PIN on OS startupdigit PIN on OS startup
Validates PIN and early Validates PIN and early boot componentsboot components
Protects against Protects against software-only and many software-only and many hardware attackshardware attacks
Vulnerable to TPM Vulnerable to TPM breaking attacksbreaking attacks
2-Factor TPM+Startup Key 2-Factor TPM+Startup Key Protection ScenarioProtection Scenario
Looks for USB flash Looks for USB flash drive with Startup drive with Startup KeyKeyValidates saved key Validates saved key and early boot and early boot componentscomponentsProtects against Protects against many HW attacksmany HW attacksProtects against Protects against TPM attacksTPM attacks
Disk
Cleartext data
Volume Encryption Key
(FVEK)Decryption performed on
data using FVEK
Unseal performed on VMK
FVEK
TPM
Inte
rmed
iate
key
Enc
rypt
ed d
isk
sect
ors
Encrypted Volume
USB device with Startup
Key
Combining keys by using XOR
VM
K
---------------------------
Startup KeyStartup KeyProtection ScenarioProtection Scenario
Looks for USB Looks for USB with Startup Keywith Startup Key
Validates Validates saved keysaved key
Protects against Protects against many HW attacksmany HW attacks
Vulnerable to Vulnerable to lost token and lost token and pre-OS attackspre-OS attacks
Disk
Cleartext Data
Volume Encryption Key
(FVEK)
Decryption performed on
data using FVEK
Dat
a
FVEK
Enc
rypt
ed d
isk
sect
ors
Encrypted Volume
USB device with Startup Key
Decrypting of the VMK
VM
K
---------------------------
Recovery KeyRecovery Key Scenario Scenario
Looks for Looks for USB with USB with Recovery KeyRecovery Key
Validates Validates saved keysaved key
Unlocks Unlocks volume to volume to enable enable decryptiondecryption
Disk
Cleartext Data
Volume Encryption Key
(FVEK)
Decryption performed on
data using FVEK
Dat
a
FVEK
Enc
rypt
ed d
isk
sect
ors
Encrypted Volume
USB device with RK
RK
Decrypting of the VMK
VM
K
---------------------------
Encrypted VMK
Recovery Password ScenarioRecovery Password Scenario
Prompts user Prompts user to enter to enter Recovery Recovery PasswordPassword
Validates Validates PasswordPassword
Unlocks volume Unlocks volume to enable to enable decryptiondecryption
Cleartext Data
Volume Encryption Key (FVEK)
Decryption performed on
data using FVEK
Da
ta
FVEK
En
cryp
ted
dis
k se
ctor
s
Encrypted Volume
Recovery password
F-key password obtained from Admin
Decryption of the VMK using the
password
VM
K
---------------------------
Encrypted V
MK
Protection For Data VolumesProtection For Data Volumes
Definition: A data volume is a BitLocker-capable volume Definition: A data volume is a BitLocker-capable volume without the current OSwithout the current OS
Automatic unlockingAutomatic unlockingTransparently read encrypted data volumes Transparently read encrypted data volumes
Save unlock keys on the BitLocker-protected OS volumeSave unlock keys on the BitLocker-protected OS volume
Inherited protectionInherited protectionGain TPM-based protection from the OS volume Gain TPM-based protection from the OS volume
No need to manage new startup PINs or startup keysNo need to manage new startup PINs or startup keys
Recover volumesRecover volumesUnlock access with a numerical password or external keyUnlock access with a numerical password or external key
Decommission volumesDecommission volumesReduce data exposure by wiping stored BitLocker keysReduce data exposure by wiping stored BitLocker keys
Integrated into FORMAT in Windows Vista RC1 Integrated into FORMAT in Windows Vista RC1
BitLocker™ And BitLocker™ And Data VolumesData Volumes
Server and client managementServer and client managementUnlocking and auto-unlockingUnlocking and auto-unlocking
BitLockerBitLocker™™ Management Scenarios Management Scenarios
Turn on and off BitLocker protectionTurn on and off BitLocker protection
View BitLocker status indicatorsView BitLocker status indicators
View and manage key protectors for the View and manage key protectors for the volume’s encryption keyvolume’s encryption key
Temporarily disable protectors Temporarily disable protectors without decryptionwithout decryption
Unlock and recover encrypted volumesUnlock and recover encrypted volumes
Set up automatic unlocking of data volumesSet up automatic unlocking of data volumes
Decommission volumesDecommission volumes
TPM Management ScenariosTPM Management Scenarios
Initialize TPM to work with BitLocker Initialize TPM to work with BitLocker and other appsand other apps
Turn on and manage the TPM with Turn on and manage the TPM with “physical presence” assertions“physical presence” assertions
View TPM status and manufacturer informationView TPM status and manufacturer information
View all available TPM commands View all available TPM commands and descriptionsand descriptions
Block and allow TPM commandsBlock and allow TPM commands
BitLockerBitLocker™ Status Indicators™ Status Indicators
Conversion statusConversion statusFully encryptedFully encryptedEncryption/decryption in progress, encryption percentageEncryption/decryption in progress, encryption percentageEncryption/decryption paused, encryption percentageEncryption/decryption paused, encryption percentageFully decryptedFully decrypted
Protection statusProtection statusProtection On: Fully encrypted and key protectors enabledProtection On: Fully encrypted and key protectors enabledProtection OffProtection Off
Lock statusLock statusUnlocked: Encrypted data is accessibleUnlocked: Encrypted data is accessibleLocked: Needs recovery to access dataLocked: Needs recovery to access data
BitLocker Key ProtectorsBitLocker Key Protectors
+ PIN+Key
256 Bit
Password sequencePassword sequence
Key256 Bit
TPM And PINTPM And PINTPMTPM TPM And Startup KeyTPM And Startup Key
Key256 Bit
Key256 Bit
Password sequence
Numerical PasswordNumerical PasswordExternal KeyExternal Key
(OS volume only)(OS volume only) (OS volume only)(OS volume only)(OS volume only)(OS volume only)
Available Management FeaturesAvailable Management Features
BitLocker management featuresBitLocker management featuresControl Panel integrationControl Panel integration
BitLocker setup and key management wizardsBitLocker setup and key management wizards
Scriptable WMI provider interfaceScriptable WMI provider interface
Command-line tool: manage-bde.wsfCommand-line tool: manage-bde.wsf
TPM management featuresTPM management featuresMicrosoft Management Console (MMC) snap-in Microsoft Management Console (MMC) snap-in
TPM initialization and management wizards TPM initialization and management wizards
BIOS integration for physical presenceBIOS integration for physical presence
Scriptable WMI provider interfaceScriptable WMI provider interface
Remote management functionalityRemote management functionality
Sample scripting solutionsSample scripting solutions
Managing KeysManaging Keys
Control panel optionsControl panel optionsDuplicate the recovery passwordDuplicate the recovery password
Duplicate the recovery key Duplicate the recovery key
Duplicate the recovery key to a folderDuplicate the recovery key to a folder
Duplicate the startup key Duplicate the startup key
Reset the PINReset the PIN
Command-line and scripting optionsCommand-line and scripting optionsAll control panel optionsAll control panel options
List, add, remove any key protectors, including List, add, remove any key protectors, including recovery passwords and recovery keysrecovery passwords and recovery keys
Managing Data VolumesManaging Data Volumes
Turning on automatic unlocking in Windows Server LonghornTurning on automatic unlocking in Windows Server LonghornFirst turn on BitLocker protection for the OS volumeFirst turn on BitLocker protection for the OS volumeCreate an external key on the data volumeCreate an external key on the data volumeEnable autounlock to save a key onto the current OS volumeEnable autounlock to save a key onto the current OS volumeStart encryption before or after enabling automatic unlockingStart encryption before or after enabling automatic unlocking
Managing automatic unlocking in Windows Server LonghornManaging automatic unlocking in Windows Server LonghornDetermine autounlock statusDetermine autounlock statusDisable autounlockDisable autounlockClear autounlock keys before decrypting the BitLocker-protectedClear autounlock keys before decrypting the BitLocker-protectedOS volumeOS volume
Other data volume management tasks Other data volume management tasks (Windows Vista and Windows Server Longhorn)(Windows Vista and Windows Server Longhorn)
Unlocking a BitLocker-protected volume Unlocking a BitLocker-protected volume Lock a BitLocker-protected volumeLock a BitLocker-protected volumeTurn off BitLocker protection on a volume Turn off BitLocker protection on a volume
BitLockerBitLocker™™ And TPM Group Policy And TPM Group Policy
BitLocker Group Policy configurationsBitLocker Group Policy configurationsTurn on BitLocker backup to Active Directory Domain ServicesTurn on BitLocker backup to Active Directory Domain Services
Configure setup wizard experienceConfigure setup wizard experience(Default is display all available startup and recovery options)(Default is display all available startup and recovery options)
Configure disk encryption methodConfigure disk encryption method(Default is AES 128 bit with Diffuser)(Default is AES 128 bit with Diffuser)
Configure TPM platform validation profile Configure TPM platform validation profile (Default is PCR 0, 2, 4, 5, 8-11)(Default is PCR 0, 2, 4, 5, 8-11)
TPM Group Policy configurationsTPM Group Policy configurationsTurn on TPM backup to Active Directory Domain ServicesTurn on TPM backup to Active Directory Domain Services
Configure the blocked TPM commands Configure the blocked TPM commands (Default list of blocked commands include TPM_PCR_Reset, (Default list of blocked commands include TPM_PCR_Reset, TPM_Extend, and TPM_Quote)TPM_Extend, and TPM_Quote)
Enterprise BackupEnterprise Backup
BitLocker setup can automatically back up recovery BitLocker setup can automatically back up recovery password to Active Directorypassword to Active Directory
BitLocker setup will not continue if backup step failsBitLocker setup will not continue if backup step fails
Can also back up BitLocker key package for specialized recovery Can also back up BitLocker key package for specialized recovery (coming in Windows Vista RC1) (coming in Windows Vista RC1)
TPM ownership step can automatically back up TPM TPM ownership step can automatically back up TPM owner password hash to Active Directoryowner password hash to Active Directory
Active Directory requirementsActive Directory requirementsWindows Server 2003 SP1, R2, or Windows Server LonghornWindows Server 2003 SP1, R2, or Windows Server Longhorn
Schema extension for storing recovery informationSchema extension for storing recovery information
Configure access control permissions to write to ADConfigure access control permissions to write to AD
Configure Group Policy settingsConfigure Group Policy settings
Enterprise RecoveryEnterprise Recovery
Self-recovery with USB recovery key or known Self-recovery with USB recovery key or known recovery passwordrecovery password
Help desk-assisted recovery to retrieve stored Help desk-assisted recovery to retrieve stored passwords from Active Directorypasswords from Active Directory
BitLocker recovery screen displays computer name BitLocker recovery screen displays computer name and password ID that can unlock disk accessand password ID that can unlock disk access
Help desk verifies user identity, even over the phone Help desk verifies user identity, even over the phone for in-the-field recoveryfor in-the-field recovery
Given a computer name, find the recovery passwords Given a computer name, find the recovery passwords for all disk volumesfor all disk volumes
Given a Password ID, find the recovery password that Given a Password ID, find the recovery password that can unlock the volumecan unlock the volume
Enterprise DeploymentEnterprise Deployment
Enterprises will integrate BitLocker Enterprises will integrate BitLocker deployment steps into existing OSdeployment steps into existing OSand software distribution infrastructureand software distribution infrastructure
Enterprises will evaluate hardware Enterprises will evaluate hardware manufacturers usingmanufacturers using
Windows Logo Program requirementsWindows Logo Program requirements
BitLocker feature requirements BitLocker feature requirements
BitLocker best practice recommendationsBitLocker best practice recommendations
Enterprise security policies Enterprise security policies
Enterprise deployment requirementsEnterprise deployment requirements
BitLocker™ Server RequirementsBitLocker™ Server Requirements
Trusted Platform Module (TPM) v1.2Trusted Platform Module (TPM) v1.2Provides platform integrity measurement and reportingProvides platform integrity measurement and reportingTPM 1.2 Spec: TPM 1.2 Spec: https://www.trustedcomputinggroup.org/specs/TPM/https://www.trustedcomputinggroup.org/specs/TPM/Requires platform support for TPM 1.2 Interface Specification (TIS)Requires platform support for TPM 1.2 Interface Specification (TIS)Memory Mapped I/O, Locality 0Memory Mapped I/O, Locality 0https://www.trustedcomputinggroup.org/specs/PCClient/https://www.trustedcomputinggroup.org/specs/PCClient/
Firmware – TCG compliant Conventional BIOS or EFIFirmware – TCG compliant Conventional BIOS or EFIEstablishes chain of trust for pre-OS bootEstablishes chain of trust for pre-OS bootMust support TCG Static Root Trust Measurement (SRTM)Must support TCG Static Root Trust Measurement (SRTM)Conventional BIOSConventional BIOS
TCG PC Client Specification: TCG PC Client Specification: https://www.trustedcomputinggroup.org/specs/PCClient/https://www.trustedcomputinggroup.org/specs/PCClient/
EFIEFITCG ACPI SpecificationTCG ACPI SpecificationTCG EFI Interface SpecificationTCG EFI Interface SpecificationTCG EFI Protocol SpecificationTCG EFI Protocol Specificationhttps://www.trustedcomputinggroup.org/specs/serverhttps://www.trustedcomputinggroup.org/specs/server
Firmware support for reading USB flash drives during bootFirmware support for reading USB flash drives during bootDisk must have at least two NTFS partitionsDisk must have at least two NTFS partitionsSee See Windows Server Longhorn Logo guide for detailsWindows Server Longhorn Logo guide for details
http://www.microsoft.com/whdc/winlogo/default.mspxhttp://www.microsoft.com/whdc/winlogo/default.mspx
Branch Office Challenges MetBranch Office Challenges MetTheft of server and/or its hard drivesTheft of server and/or its hard drives
OS Volume (including the pagefile and the OS) and data volumes are OS Volume (including the pagefile and the OS) and data volumes are completely protected by BitLocker™ completely protected by BitLocker™
Re-provision or decommission of server or its hard drivesRe-provision or decommission of server or its hard drivesVolume encryption keys can be destroyed via WMI provider method call. Volume encryption keys can be destroyed via WMI provider method call. Multiple hours for reclamation turned into seconds and data is gone! Multiple hours for reclamation turned into seconds and data is gone!
Data theft via disk cloning by maintenance and outsourcing Data theft via disk cloning by maintenance and outsourcing technicianstechnicians
Volume encryption keys are not released to the thief without an Volume encryption keys are not released to the thief without an authenticated boot. Disk cloning will only copy encrypted data.authenticated boot. Disk cloning will only copy encrypted data.
Secure deployment of a fully configured machine shipped to remote Secure deployment of a fully configured machine shipped to remote locationlocation
Image created at main office is secured with PIN. Authorized personnel Image created at main office is secured with PIN. Authorized personnel at branch office call in to get PIN and unlock the image.at branch office call in to get PIN and unlock the image.
Data-at-rest on Branch Office Servers Data-at-rest on Branch Office Servers is protected!is protected!
Value-Add OpportunitiesValue-Add Opportunities
Solutions to lower enterprise deployment costsSolutions to lower enterprise deployment costsRemove manual steps to ready the TPM for Remove manual steps to ready the TPM for BitLocker enterprise deploymentBitLocker enterprise deployment
An interactive “physical presence” assertion guards against malicious An interactive “physical presence” assertion guards against malicious software turning on the TPM, but zero-touch deployment is possible software turning on the TPM, but zero-touch deployment is possible after the TPM is onafter the TPM is on
Factory pre-configurations that ease BitLocker setupFactory pre-configurations that ease BitLocker setup
Other value-add BIOS features or management toolsOther value-add BIOS features or management tools
End-to-end enterprise solutions on clients and serversEnd-to-end enterprise solutions on clients and serversHelp enterprises achieve regulatory compliance – e.g.,Help enterprises achieve regulatory compliance – e.g.,Sarbanes-Oxley, Health Insurance Portability and Accountability Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA)Act (HIPAA)
Key management, recovery and escrow servicesKey management, recovery and escrow services
Call To ActionCall To Action
Build server platforms with BitLocker™ supportBuild server platforms with BitLocker™ supportTrusted Platform Module (TPM) v1.2Trusted Platform Module (TPM) v1.2
Requires platform support of TPM 1.2 Interface Specification (TIS)Requires platform support of TPM 1.2 Interface Specification (TIS)
System firmware supportSystem firmware supportConventional BIOS or EFIConventional BIOS or EFI
USB flash drive functionality at bootUSB flash drive functionality at bootBitLocker uses USB drives as startup and recovery tokensBitLocker uses USB drives as startup and recovery tokens
Disk must have at least two NTFS partitionsDisk must have at least two NTFS partitionsThe system volume must have at least 1.5 GB for MBR, loader, boot The system volume must have at least 1.5 GB for MBR, loader, boot and setup files.and setup files.
Work with us to test your reference designsWork with us to test your reference designsE-mail: for more informationE-mail: for more informationbdeinfo @ microsoft.combdeinfo @ microsoft.com
Web resourcesWeb resourcesBitLocker™ informationBitLocker™ information
http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspxhttp://www.microsoft.com/technet/windowsvista/security/bitlockr.mspxBitLocker™ technical papers and specsBitLocker™ technical papers and specs
http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspxhttp://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspxWindows Logo program testingWindows Logo program testing
http://www.microsoft.com/whdc/GetStart/testing.mspxhttp://www.microsoft.com/whdc/GetStart/testing.mspxTCGTCG
http://www.trustedcomputinggroup.orghttp://www.trustedcomputinggroup.org
Related sessionsRelated sessionsBitLocker™ Drive Encryption: Hardware Enhanced Data Protection BitLocker™ Drive Encryption: Hardware Enhanced Data Protection (CPA064)(CPA064)Windows Vista and Windows Server Longhorn Security Platform Windows Vista and Windows Server Longhorn Security Platform Enhancements (CPA127)Enhancements (CPA127)
BitLocker™ questionsBitLocker™ questions
Additional ResourcesAdditional Resources
bdeinfo @ microsoft.combdeinfo @ microsoft.com
Question And AnswerQuestion And Answer
Thank You!Thank You!Please fill out an evaluation formPlease fill out an evaluation form
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
top related