Microsoft’s Security News Briefing Webcast

>> DIGITAL TRANSFORMATION IS CHANGING OUR WORLD >> OUR MISSION, TO EMPOWER EVERY PERSON AND ORGANIZATION ON THE PLANET TO ACHIEVE MORE >> IT’S MAKING US MORE CONNECTED, MORE PRODUCTIVE WE ARE EMPOWERED TO CREATE AMAZING THINGS TOGETHER THE TRANSFORMATION COULDN’T HAPPEN WITHOUT TRUST TRUST THAT OUR BEST IDEAS ARE SECURE AND PROTECTED >> TRUST IS AT THE CORE OF THIS, AND WE’RE TAKING A PRINCIPLED APPROACH WITH STRONG COMMITMENTS TO MAKE SURE THAT OUR CUSTOMERS WITH TRUST DIGITAL TECHNOLOGY THEY USE >> CLOUD POWERED INTELLIGENCE IS LEADING THE WAY, SECURING THE INTELLIGENT EDGE, AND PROTECTING THE PLACES WE WORK SO WE CAN CREATE OUR BEST TOGETHER AND ACHIEVE EVEN MORE >> PLEASE WELCOME PRESIDENT MICROSOFT, BRAD SMITH >> GOOD AFTERNOON THANK YOU TO EVERYBODY IN THE ROOM AND THANK YOU TO EVERYBODY WHO’S WATCHING ONLINE, EITHER NOW OR LATER I THINK WE HAVE AN EXCITING AND REALLY INTERESTING HOUR AHEAD OF US THERE’S AN OPPORTUNITY FOR US AT MICROSOFT TO SHARE WITH YOU WHAT WE BELIEVE IS SOME IMPORTANT NEWS, SOME NEW STEPS WE’RE TAKING TO ADVANCE SECURITY BUT I’M NOT HERE BY MYSELF YOU’LL HEAR ME FRAME THE ISSUE A LITTLE BIT AT THE OUTSET, GIVE YOU OUR BROAD PERSPECTIVE ON THE CYBERSECURITY ISSUE AND WHERE IT’S GOING, AND THEN I’M GOING TO ASK RON GREEN, THE CHIEF SECURITY OFFICER OF MASTERCARD TO SAY SOME WORDS AND RON WILL BE FOLLOWED BY BARRY SIMPSON, THE CHIEF INFORMATION OFFICER FOR THE COCA COLA COMPANY, AND HE’LL BE FOLLOWED BY DIANA KELLY, THE CHIEF TECHNOLOGY OFFICER FOR THE ENTERPRISE SECURITY GROUP AT MICROSOFT AS YOU CAN SEE, WE HAVE A LOT OF CHIEFS HERE TO TALK WITH YOU THIS AFTERNOON

AND THEN I WILL WALK YOU THROUGH OUR NEWEST OF THE DAY WHAT WE THINK IS IMPORTANT IN PROTECTING THE EDGE, THE 9 BILLION INTERNET DEVICES BEING SHIPPED EVERY YEAR WITH MICROCONTROLER UNITS SO WE HAVE A LOT TO COVER, BUT LET ME START BY GIVING YOU A BROAD PERSPECTIVE ON HOW WE’RE THINKING ABOUT CYBERSECURITY AT MICROSOFT IF YOU THINK ABOUT THE 14 MONTHS THAT HAVE TAKEN PLACE SINCE LAST YEAR’S RSA CONFERENCE HERE IN SAN FRANCISCO, IT HAS BEEN AN EVENTFUL TIME THERE WERE SOME WHO LOOKED BACK AT 2017 AND CALLED THE YEAR CYBERGEDDON I DON’T THINK THAT WAS MISPLACED, AND AT THE SAME TIME, WE HAVE STARTED TO SEE STEPS THAT GIVE US A GLIMPSE INTO THE FUTURE, A GLIMPSE INTO WHAT WE CAN AND SHOULD AND, IN FACT, NEED TO DO TO BETTER PROTECT CYBERSECURITY AROUND THE WORLD AS WE TAKE STOCK OF THE WORLD, ONE THING IS CLEAR, CYBERSPACE, UNFORTUNATELY, HAS BECOME THE NEW BATTLEFIELD WE SAW THIS IN 2017, AS WE REALLY SAW A NEW GENERATION OF WEAPONS, CYBER WEAPONS, USED NOT JUST BY CRIMINAL ORGANIZATIONS, BUT INCREASINGLY BY NATION STATES WE SAW THIS LAST MAY WITH THE WANNA CRY ATTACK, WE SAW IT IN JUNE WITH THE PETYA ATTACK AND FINALLY, WHAT WE’RE SEEING IS NOT JUST ATTACKS ON MACHINES, BUT ATTACKS THAT ARE ENDANGERING PEOPLE’S LIVES IN FACT, WE’RE SEEING IN SOME WAYS A TURN FOR THE WORSE IN THE WORLD BECAUSE, WHEN YOU PUT THIS IN HISTORICAL PERSPECTIVE, WHEN WORLD WAR I I ENDED, THE COUNTRIES AND GOVERNMENTS OF THE WORLD UNITED TO RECOGNIZE THAT THEY HAD NOT JUST A MORAL BUT A LEGAL RESPONSIBILITY TO PROTECT CITIZENS EVEN IN TIMES OF WAR, AND YET WHEN YOU LOOK AT THESE ATTACKS LAST YEAR, WHAT WE FUNDAMENTALLY SEE IS THIS, WE SEE NATION STATES ATTACKING CIVILIANS EVEN IN TIMES OF PEACE FOR ALL OF US WHO WORK WITH THE TECHNOLOGY THAT IS THIS INFRASTRUCTURE OF THE FUTURE, THERE IS A HUGE RESPONSIBILITY , A RESPONSIBILITY THAT IN MANY WAYS IS FAR GREATER THAN ANYTHING THAT WAS ENVISIONED WHEN COMPUTERS WERE FIRST INVENTED OR WHEN THE INTERNET FIRST BECAME POPULAR CERTAINLY AT MICROSOFT, WE THINK ABOUT THE WORK THAT IS NEEDED TO FULFILL THIS RESPONSIBILITY IN THREE WAYS FIRST, WITHOUT QUESTION, MICROSOFT AND OTHERS IN THE TECH SECTOR HAVE THE FIRST RESPONSIBILITY TO PROTECT CYBERSECURITY WE BUILD THE PRODUCTS, WE PROVIDE THE SERVICE, WE PROVIDE THE INFRASTRUCTURE, AND BY DEFINITION, WHEN THINGS GO WRONG, IT IS OUR PEOPLE WHO ARE THE FIRST RESPONDERS TORE CUSTOMERS AROUND THE WORLD IT IS A RESPONSIBILITY THAT WE NEED TO ADVANCE EACH AND EVERY DAY BUT IT’S ALSO A SHARED RESPONSIBILITY IT IS NOT SOMETHING THAT THE TECH SECTOR CAN DO BY ITSELF, AND IT IS A RESPONSIBILITY THAT IS SHARED WITH CUSTOMERS I THINK THAT’S WHY IT IS SO HELPFUL AND IMPORTANT TO HEAR FROM PEOPLE LIKE BARRY AND RON ABOUT HOW REALLY CUTTING EDGE CUSTOMERS, WHO ARE INVESTING SO DEEPLY IN I.T. ADVANCES, ARE THINKING ABOUT THE WORK THAT -THEY ARE DOING AND THEY’RE DOING WITH US AND OTHERS TO PROTECT CYBERSECURITY BUT EVEN WHEN YOU THINK ABOUT THE TECH SECTOR AND CUSTOMERS AND YOU PUT US ALL TOGETHER, ANOTHER THING IS CLEAR, THE PRIVATE SECTOR CANNOT DO THIS ALONE IN PART, WE ARE TALKING FUNDAMENTALLY ABOUT ATTACKS BY NATION STATES INCREASINGLY, WE’RE TALKING ABOUT ATTACKS BY GOVERNMENTS THAT HAVE THEIR OWN WELL-FUNDED CYBER WEAPONS CAPABILITIES BY DEFINITION, THE PRIVATE SECTOR CANNOT PROVIDE ALL OF WHAT OUR COUNTRIES AND OUR COMMUNITIES ARE GOING TO NEED HENCE WE NEED PUBLIC LEADERSHIP AS WELL WE NEED IT MORE THAN EVER SO AS WE THINK ABOUT THIS YEAR’S RSA CONFERENCE AND COMING TOGETHER AS AN INDUSTRY HERE IN SAN FRANCISCO FROM LITERALLY AROUND THE WORLD, I THINK IT’S AN IMPORTANT TIME TO REFLECT ON THE FACT THAT WE ALL NEED TO DO MORE AS WE THINK ABOUT WHAT IT MEANS TO DO MORE, WE NEED TO GROUND OURSELVES IN WHERE COMPUTING IS GOING AS SATYA NADELLA, OUR CEO HAS SAID, WE’VE REALLY MIGRATED FROM A WORLD VIEW THAT WAS REALLY CLOUD FIRST AND MOBILE FIRST TO ONE THAT BUILDS ON THAT AND RECOGNIZES THAT, IN FACT, WE HAVE ENTERED ALREADY A WORLD

THAT HAS AN INTELLIGENT CLOUD AND AN INTELLIENT EDGE WELL, WHAT DOES THAT MEAN? WELL, IT REALLY MEANS THAT INTELLIGENCE AND COMPUTING POWER IS DISTRIBUTED FROM LITERALLY THE CENTER OF THE COMPUTING NETWORKS OF TODAY, THAT BEING THE DATA CENTERS THAT LARGE COMPANIES LIKE MICROSOFT OPERATE, TO THE VERY EDGE, THE BILLIONS OF IOT DEVICES THAT INCREASINGLY ARE RUNNING MORE AND MORE POWERFUL COMPUTING UNITS IT IS A WORLD OF MULTI-DEVICE I’LL BET ALMOST EVERYBODY IN THIS ROOM HAS MORE THAN ONE DEVICE WITH THEM, OR IF NOT, ANOTHER DEVICE AT HOME OR AT YOUR OFFICE OR IN YOUR CAR THESE DEVICES ARE INCREASINGLY MULTI-SENSE, MEANING WE TYPE INTO THEM, SOMETIMES WE DO THAT WITH OUR FINGERS ON KEYBOARDS, SOMETIMES WE DO THAT WITH OUR THUMBS ON A TOUCH-BASED DEVICE WE TALK INTO OUR DEVICES OUR DEVICES INCREASINGLY HAVE VISION THEY CAN HEAR US SPEAK AND ALL OF THAT IS CONTINUING TO INCREASE IT IS BEING FUELED BY ARTIFICIAL INTELLIGENCE FOR VIRTUALLY EVERY ASPECT OF COMPUTING AND WE’VE ENTERED, IN EFFECT, A SERVERLESS WORLD WE’RE NO LONGER TALKING TO CUSTOMERS ABOUT HOW THEY’RE GOING TO RUN OUR SOFTWARE ON THEIR SERVERS INSTEAD, WE’RE TALKING ABOUT AN ENVIRONMENT THAT CONNECTS THE DATA CENTER DIRECTLY WITH DEVICES AND RELIES ON THE CLOUD IN SO MANY WAYS, THIS TECHNOLOGICAL ADVANCE HAS PROMISE FOR THE FUTURE IT WILL DO EVERYTHING FROM HELPING US WORK MORE PRODUCTIVELY TO ENJOY OUR FREE TIME TO LITERALLY HELPING US CURE CANCER BUT IT’S ALSO A TIME WHEN WE NEED TO STEP BACK AND THINK ABOUT THE WORLD THAT WE’RE CREATING WE’RE CREATING A WORLD WHERE EVERYTHING WILL BE CONNECTED, FROM YOUR REFRIGERATOR TO YOUR THERMOSTAT TO YOUR AIR CONDITIONER TO YOUR LIGHTS, TO YOUR CAR, TO YOUR OFFICE BUT WE ALSO NEED TO RECOGNIZE THIS IN A WORLD WHERE EVERYTHING WILL BE CONNECTED, WE WILL ALSO HAVE A WORLD WHERE ANYTHING CAN BE DISRUPTED AND IF WE’RE NOT CAREFUL, A WORLD WHERE ONE THING IS DISRUPTED CAN QUICKLY LEAD TO OTHER THINGS BEING DISRUPTED AS WELL ULTIMATELY, IT MEANS ONE THING ABOVE ALL ELSE IN A WORLD WHERE ANYTHING CAN BE DISRUPTED, EVERYTHING NEEDS TO BE PROTECTED LITERALLY FROM THE CLOUD TO THE EDGE AND THAT’S WHY TODAY, WHAT WE’RE REALLY HERE TO SHARE WITH YOU IS THE PERSPECTIVE FROM OUR CUSTOMERS IN WHAT THEY ARE SEEING AND IMPLEMENTING, TO THE NEW ADVANCES THAT WE’RE ANNOUNCE ANNOUNCES ANNOUNCE ANNOUNCING THIS AFTERNOON, NEW FEATURES AND FUNCTIONALITY THAT WILL HELP OUR CUSTOMERS MAKE USE OF A MORE SECURE CLOUD, IN WAYS THAT WILL HELP THEM PROTECT THEIR DEVICES, AND FUNDAMENTALLY, A BRAND NEW INITIATIVE, AN INITIATIVE THAT IN SOME RESPECTS IS ALMOST pDIFFERENT FROM ANYTHING MICROSOFT HAS PURSUED IN ITS 43-YEAR HISTORY, TO SECURE THE EDGE, TO SECURE THE EDGE THE WAY WITH NEEDS TO BE SECURED AND TO SECURE IT IN A WAY THAT IT HAS NEVER BEEN SECURED BEFORE SO LET ME TURN IT OVER NEXT TO RON, TO RON GREEN PLEASE JOIN ME IN — WELCOMING RON GREEN, THE CHIEF SECURITY OFFICER FOR MASTERCARD >> THANK YOU, BRAD >> YEAH, THAT DOES HAPPEN, DOESN’T IT? SO WHAT I WANTED TO TALK TO YOU TODAY WAS TRUST IN THE SECURITY SECTOR TRUST IS A CRITICAL INGREDIENT FOR US TO HAVE, AND FOR MANY YEARS MASTERCARD HAS MAINTAINED THE TRUST OF CUSTOMERS, SERVICES, AND BUSINESSES FOR WHEN THEY COME TO CONDUCT THEIR PAYMENT TRANSITIONS SO EVERY MINUTE OF THE DAY IN NEARLY EVERY CORNER OF THE GLOBE, WE HAVE PEOPLE THAT ARE DEPENDING ON US TO ENABLE THEIR TRANSACTION TO HAPPEN SO ONE OF THE CORNERSTONES OF THAT TRUST IS SECURITY BECAUSE THESE CONSUMERS, THE MERCHANTS, THE BANKS, AND THE GOVERNMENT ARE DEPENDING ON US TO PROTECT THE CUSTOMERS’ INFORMATION, TO PROTECT THE TRANSACTION, AND TO PREVENT FRAUD SO IN LIGHT OF THAT, AT MASTERCARD, SECURITY IS PART OF EVERYTHING WE DO, EVERYTHING WE BUILD, EVERY SERVICE WE PROVIDE, WE BUILD IN SECURITY FROM THE ONSET AT MASTERCARD, WE TALK ABOUT SECURITY BEING EVERYBOY’S RESPONSIBILITY, AND WE MEAN THAT WITHIN THE COMPANY, BUT WE ALSO MEAN THAT EXTERNALLY AS WELL AND BY THAT, I MEAN PARTNERSHIPS, AND PARTNERING

WITH OTHERS IN THE SECTOR, PARTNERING WITH OTHER INDUSTRIES, PARTNERING WITH GOVERNMENTS THOSE ARE THINGS THAT ARE CRITICAL FOR US TO BE SUCCESSFUL IN THIS SPACE THE ADVERSARIES, THE BAD GUYS, THEY’RE UPPING THEIR SKILLS THEY’RE GETTING BETTER EVERY DAY BUT MOST IMPORTANTLY, OR WHAT’S WORSE, IS THEY’RE ACTUALLY WORKING TOGETHER THEY WORK COLLABORATIVELY IN A WAY TO BE MORE EFFECTIVE IN THEIR USE OF VULNERABILITIES AND ATTACKS AGAINST US AND SO WE DON’T JUST HAVE — IT’S NOT JUST GOOD FOR US TO PARTNER, WE NEED TO, WE MUST IN ORDER TO BE SUCCESSFUL IN THE SPACE SO I WILL TELL YOU, WE’VE DONE A LOT OF REALLY GOOD THINGS IN THE PARTNERING SPACE IN THE FINANCIAL SERVICES SECTOR, BUT WE ALSO PARTNER WITH TRUSTED GROUPS LIKE MICROSOFT AN EXAMPLE OF THAT WOULD BE THE CYBER READINESS INSTITUTE THAT WE ARE JOINTLY ENGAGED IN, AND THIS WILL HELP US PROVIDE SMALL AND MEDIUM BUSINESSES WITH THE SKILLS AND CAPABILITIES AND JUST AN ABILITY TO PROTECT THEMSELVES BETTER BECAUSE FROM SOFTWARE TO CONDUCTING PAYMENT TRANSACTIONS, ALL OF US, ALL OF OUR BUSINESSES ARE INTEGRAL COGS IN THIS, AND IT’S REALLY IMPORTANT THAT WE ARE ABLE TO SECURE NOT JUST OURSELVES IT’S NOT JUST IMPORTANT FOR MASTERCARD TO SECURE ITSELF, BUT SECURING THE ENTIRE ECOSYSTEM IS VERY IMPORTANT TO US SO I WANT TO THANK YOU FOR ALLOWING ME TO TIME TODAY TO EXPRESS HOW IMPORTANT IT IS TO PARTNER WITH GROUPS LIKE MICROSOFT >> WELL, THANK YOU, RON I THINK I WAS GOING TO ASK YOU MAYBE ONE QUESTION, IF IT YOU DON’T MIND ONE OF THE THINGS THAT I THINK IS SO INTERESTING ABOUT THESE ISSUES TODAY IS IN THE TECH SECTOR TRUST IS REALLY BECOME A PREREQUISITE TRUST HAS BEEN A PREREQUISITE IN FINANCIAL SERVICES PROBABLY SINCE FINANCIAL SERVICES WERE INVENTED WHAT DOES THIS DEVELOPMENT OF THE TRUST EQUATION MEAN FOR A COMPANY LIKE MASTERCARD? HOW ARE YOU ALL THINKING ABOUT THAT AS YOU NEED TO WORK AT THIS INTERSECTION OF TECHNOLOGY AND FINANCIAL SERVICES? >> WITHOUT TRUST, WE CAN’T DO BUSINESS JUST THINK ABOUT IT AS CONSUMERS OURSELVES, IF WE DIDN’T TRUST SOMEONE TO PROTECT OUR FINANCIAL INTERESTS, WOULD WE DO BUSINESS WITH THEM? WOULD WE ACTUALLY USE A CARD TO PAY FOR SOMETHING IF WE DIDN’T TRUST THAT THE PAYMENT WOULD ACTUALLY HAPPEN AND THEN HAPPEN SECURELY? SO WITHOUT TRUST, THERE IS NO BUSINESS IN OUR SPACE SO WE THINK ABOUT IT ALL THE TIME >> GOOD THANK YOU VERY MUCH I APPRECIATE YOU BEING HERE WELL, LET ME THEN TURN FROM ONE CUSTOMER SCENARIO TO ANOTHER IT’S A REAL PLEASURE FOR ME TO WELCOME BARRY SIMPSON, WHO IS THE CHIEF INFORMATION OFFICER FOR THE COCA COLA COMPANY IF YOU THINK ABOUT IT FOR A MOMENT, EVERYWHERE AROUND THE WORLD FOR OVER A CENTURY, BILLIONS OF PEOPLE HAVE HAD CONFIDENCE AND TRUST IN WHAT THEY WOULD GET WHEN THEY OPENED A BOTTLE THAT SAID COCA COLA ON IT BARRY IS TAKING THAT LEVEL OF TRUST INTO A NEW ERA SO, BARRY, THANK YOU >> THANKS SO MUCH, BRAD THANK YOU I’D LIKE TO GIVE YOU A PERSPECTIVE FROM OUR COMPANY ON HOW WE LOOK AT CYBERSECURITY AND HOW WE HAVE A PRAGMATIC VIEW OF ATTACHING SECURITY TO OUR GROWTH AGENDA AND IT IS REALLY IMPORTANT THAT WE FOCUS WHAT WE DO WITH SECURITY IN OUR GROWTH AGENDA FROM 1886 WE STARTED AS A COMPANY THAT HAD ONE PRODUCT IN ONE COUNTRY WE’RE NOW A COMPANY THAT HAS OVER 4,000 PRODUCTS SERVED IN 200 COUNTRIES WE HAVE 770,000 ASSOCIATES ACROSS OUR FRANCHISE SYSTEM WE HAVE $21 BILLION BRANDS, AND WE’RE A BUSINESS THAT HAS REALLY STEEPED ITSELF IN CONSUMER TRUST AND BEING A CORE PART OF CONSUMER PREFERENCES SO WHEN WE THINK ABOUT SECURITY, IT’S ALL ABOUT PRESERVING THAT TRUST WITH OUR CONSUMER IT’S ABOUT GROWING OUR BUSINESS, BUT ALSO BEING PRAGMATIC ABOUT HOW WE EXECUTE OUR SECURITY AGENDA ACROSS SUCH A LARGE, DIVERSE SYSTEM SO FOR US, WE HAVE TO HAVE THE CONSUMER AT THE HEART OF EVERYTHING WE DO, AND IT’S CLEAR THAT DIGITAL EXPERIENCES ARE GIVING OUR CONSUMERS ENDLESS OPTIONS TO RESEARCH, TO BUY, TO INTERACT WITH OUR BRANDS, AND THEY CAN DO THIS 24/7 SO WE LIVE IN A WORLD WHERE WE HAVE TO RESPECT AND GUARD OUR CONSUMERS’ PRIVACY, BUT WE ALSO HAVE TO PERSONALIZE AND ENGAGE THEM IN OUR BRANDS TO DELIVER A COMPELLING EXPERIENCE SO WHEN WE THINK OF SECURITY AND WE THINK ABOUT OUR GROWTH JOURNEY AT COCA COLA, WE HAVE TECHNOLOGY AT THE HEART OF OUR NEW GROWTH AGENDA

SO IT’S CLEAR WHEN WE TALK ABOUT GROWTH, THAT HAVING DIGITAL CAPABILITY AT THE HEART OF OUR BUSINESS IS REALLY, REALLY IMPORTANT AND WE THINK ABOUT IT IN TWO WAYS WE THINK ABOUT DIGITIZING EXTERNALLY TO GROW WITH OUR CONSUMERS AND SO THAT WE ARE IN OUR CONSUMERS’ DIGITAL SPACE WE HAVE A PERSONALIZED JOURNEY FOR THEM, AND WE’RE CREATING THE PRODUCTS AND BRANDS AND THE EXPERIENCES THAT THEY EXPECT FROM A COMPANY LIKE COCA COLA BUT WE ALSO HAVE TO GROW, AND WE CAN ONLY GROW THROUGH HAVING THE RIGHT WORKPLACE EXPERIENCE FOR OUR ASSOCIATES AND SO FOR US, WE ALSO DIGITIZE INTERNALLY TO MAKE OUR WORKSPACE MORE EFFICIENT BUT ALSO MORE ENGAGING AND MORE AGILE BECAUSE IT’S VERY CLEAR THAT THE WAY PEOPLE ARE WORKING IS CHANGING SO I’D LIKE TO TALK A LITTLE MORE ABOUT SOME OF THE CHOICES WE’RE MAKING AS A COMPANY TO CREATE THIS DIGITAL WORKSPACE INTERNALLY AND EXTERNALLY SO FIRST OF ALL, LET’S TALK ABOUT WHAT WE’RE DOING AROUND OUR LANDSCAPE WE’RE MOVING FROM BEING A COMPANY THAT HAS STITCHED TOGETHER TECHNOLOGY THAT HAS BEEN A BUILDER OF APPLICATIONS TO A COMPANY THAT’S MOVING TO STRATEGIC PARTNERSHIPS ACROSS PLATFORMS AT SCALE WE BELIEVE THAT THAT FUNDAMENTAL SHIFT IN TECHNOLOGY AND MOVING TO PLATFORMS, IT CAN BUILD ECOSYSTEMS AROUND US, WILL GIVE US THE SCALE WE NEED, WILL GIVE US THE SPEED WE NEED, BUT ALSO GIVES US THE FLEXIBILITY TO PARTNER WITH COMPANIES LARGE AND SMALL TO DRIVE OUR GROWTH AGENDA SO AT THE HEART OF THAT IS SIMPLIFICATION IF YOU WANT TO GO FASTER, YOU HAVE TO SIMPLIFY YOUR BUSINESS SO WE ARE DRAMATICALLY SIMPLIFYING OUR APPLICATION STACKS ALL ACROSS OUR SYSTEM WE’RE ALSO ACCELERATING OUR MOVE TO CLOUD WE BELIEVE THAT CLOUD PLATFORMS ARE, BY THEIR DESIGN, INHERENTLY MORE SECURE THEY HAVE BETTER SEGMENTATION AN D WHEN YOU READ A LOT OF THE % CYBER ATTACKS, A LOT OF IT IS ABOUT JUST THE BASIC PLUMBING, GETTING THE PATCHING RIGHT, AND THAT’S GETTING HARDER AND HARDER IN IT A WORLD WHERE WE’RE EXPECTING TO BE CONNECTING WITH MORE AND MORE PEOPLE SO WE’RE SECURING OUR CLOUD PLATFORMS WE’VE ACCELERATED OUR MOVE TO CLOUD BY THE END OF THIS YEAR, OUR COMPANY, ALL OF OUR COMPANY SYSTEMS WILL BE CLOUD-BASED AND WILL BE OUT OF OUR CORPORATE DATA CENTER WE’RE ALSO MOVING, AS I SAID, TO INTEGRATED PLATFORMS THAT SCALE, AND I’D LIKE TO TALK A LITTLE ABOUT WHAT THAT MEANS IN TERMS OF SECURITY SO WE’RE PARTNERING VERY CLOSELY WITH MICROSOFT FOR OUR SECURITY PLATFORMS BECAUSE, ONCE AGAIN, IF YOU THINK ABOUT HOW WE WORKED IN THE PAST, WE WOULD HAVE HAD LOTS OF DIFFERENT SOLUTIONS WE WOULD HAVE HAD TO STITCH THEM ALL TOGETHER, AND WE WOULD HAVE TO HOPE WITH ALL THESE COMPONENTS STITCHED TOGETHER, THAT WE’RE PROVIDING A SECURE ENVIRONMENT WE JUST DON’T THINK WE CAN GET THERE FAST ENOUGH, AND WE DON’T THINK WE CAN DO IT IN A WAY THAT CAN BE COMPLETE ENOUGH WITHOUT A STRATEGIC PARTNERSHIP WITH SOMEONE LIKE MICROSOFT SO WE’RE MOVING OUR DIRECTORY STRUCTURES WE’VE SIMPLIFIED THEM, AND WE’VE MOVED THEM TO THE AZURE AD PLATFORM WE’VE MOVED OUR OFFICE 365 SYSTEMS TO THE LATEST VERSIONS, AND WE’RE MOVING TO ADVANCE THREAT PROTECTION AND THIS REALLY LETS US UNDERSTAND WHAT’S HAPPENING ACROSS THE SYSTEM LIKE I’VE SAID, WE’RE A PART OF A LARGE FRANCHISE SYSTEM, AND WHEN YOU THINK ABOUT ATTACKS FOR OUR SYSTEM, THEY CAN BE THE SIMPLE ATTACKS WE’RE SEEING PHISHING ATTACKS, BOTH SIMPLE AND SOPHISTICATED, AND GROWING IN NUMBER SO HAVING ADVANCED THREAT PROTECTION ACROSS THAT ENVIRONMENT IS EXTREMELY IMPORTANT TO US AS WELL WE’RE ALSO SEEING SOPHISTICATED ATTACKS OUT OF THERE, AND THIS IS A BATTLE WHERE WE JUST CAN’T KEEP THROWING MORE TROOPS AT THE BATTLE WE JUST HAVE TO BE SMARTER AT HOW WE WORK ACROSS OUR TECHNOLOGY LANDSCAPE SO USING ARTIFICIAL INTELLIGENCE, USING THE POWER OF THE AZURE PLATFORM TO HELP US DETECT THREATS, TO UNDERSTAND PATTERNS, AND THEN TO SCALE THAT ACROSS OUR FRANCHISE SYSTEM IS DELIVERING CERTAINLY BENEFITS NOW, BUT WE SEE THE BENEFITS SCALING MORE IN THE FUTURE, PARTICULARLY AS WE SEE THE THREAT LANDSCAPE CONTINUALLY INCREASING WHEN WE THINK ABOUT WHAT WE DO INTERNALLY, WE’RE BRINGING CONSUMER GRADE TECHNOLOGY TO ALL OUR ASSOCIATES WITHIN THE COMPANY THAT’S WHAT THEY EXPECT PEOPLE EXPECT THE SAME EASE OF USE THEY HAVE OUTSIDE OF WORK, TO HAVE THAT SAME EASE OF USE INSIDE OF WORK AND SO SECURITY HAS TO BE BOTH RIGID YET ALSO FLEXIBLE WE LIKE TO TALK ABOUT HAVING FRICTIONLESS SECURITY WITHIN OUR COMPANY SO WHEN WE DEPLOY SOLUTIONS SUCH AS WINDOWS 10 ACROSS OUR ORGANIZATION, IT’S REALLY

IMPORTANT THAT WE DO THIS IN A WAY THAT MAKES IT A SEAMLESS EXPERIENCE FOR OUR END CONSUMERS, OUR ASSOCIATES AND SO THINGS LIKE WINDOWS HELLO, THINGS LIKE MICROSOFT AUTHENTICATOR, THEY BRING INTUITIVE, EASE OF USE WAYS OF SECURING DEVICES AND GIVING US THAT FULL MULTI-FACTOR AUTHENTICATION ACROSS OUR ORGANIZATION THAT WE NEED TO PROTECT OUR ENVIRONMENT YET WE’RE ALSO FREEING UP PEOPLE TO BE ABLE TO WORK ANYWHERE, AT ANY TIME, ON ANY DEVICE TO WORK WITH OUR SYSTEMS THIS SIMPLIFICATION, THIS MOVE TO PLATFORMS, THIS BUILDING OF ECOSYSTEMS FOR SECURITY IS ALSO LETTING US MOVE FASTER IF WE THINK ABOUT THE PACE WE NEED TO CHANGE AT FOR SECURITY AND HOW WE NEED TO ADAPT TO THE THREAT LANDSCAPE, A HISTORICAL APPROACH TO HAVING MULTIPLE SOLUTIONS OR MULTIPLE PLATFORMS IS REALLY DIFFICULT TO MANAGE AT PACE AND AT SCALE OUR RECENT ROLL OUT OF MFA ACROSS ALL OF OUR GLOBAL LANDSCAPE, WE WERE ABLE TO DO THAT IN LESS THAN TWO MONTHS BECAUSE WE MADE THE CHOICES ON PLATFORM AND BECAUSE WE MADE DECISIONS AROUND HOW WE WANT TO PARTNER TO SCALE FOR OUR SYSTEM SO I THINK, WHEN WE THINK ABOUT CYBERSECURITY, IT HAS TO BE ABOUT SIMPLY IFICATION SIMPLIFICATION, THE M OVE TO CLOUD IS EXTREMELY IMPORTANT TO US, AND THIS ECOSYSTEM OF SECURITY TECHNOLOGIES THAT WORK TOGETHER REALLY ALLOW YOU TO SCALE AT SPEED AND TO ADAPT IN AN EVER-CHANGING ENVIRONMENT THANK YOU [APPLAUSE] >> THANK YOU, BARRY THANK YOU THANK YOU, EVERYONE, FOR BEING HERE I’M DIANA KELLY WE’RE GOING TO — I DON’T KNOW IF WHAT YOU JUST HEARD SOUNDED FAMILIAR, WHAT YOU HEARD FROM BARRY AND WHAT YOU HEARD FROM RON COMPANIES STRUGGLING WITH ENGAGING THEIR CUSTOMERS BUT BUILDING TRUST AND FINDING A WAY TO SIMPLIFY IN MY ROLE, I TALK TO CUSTOMERS EVERY SINGLE WEEK, AND THESE ARE THE CORE THEMES THAT WE’RE HEARING BACK FROM THEM THEY’RE SAYING TO US, MICROSOFT, CAN YOU HELP US TO SIMPLIFY? CAN YOU HELP US TO MOVE SMARTER? AND BE FASTER WITH OUR REMEDIATION WE ALSO HEAR A LOT ABOUT THE STRUGGLE THE STRUGGLE IS REAL SO THE NUMBER OF DIFFERENT PRODUCTS THAT COMPANIES HAVE TO DEAL WITH WHOSE FIRST RSA IS THIS? NONE OF US OKAY, THE SHOW FLOOR IS GOING TO BE FUN BECAUSE THERE’S NO END OF PRODUCTS ON THAT SHOW FLOOR I MEAN, THERE’S SO MANY DIFFERENT OPTIONS TO CHOOSE FROM, BUT CUSTOMERS REALLY ARE LOOKING FOR A LEVEL OF SIMPLIFICATION AND BEING ABLE TO BRING TOGETHER ALL OF THE SIGNAL FROM ALL THESE DIFFERENT PRODUCTS, SHARE INTELLIGENCE ACROSS THEIR SPACE, SO THAT THEY CAN MAKE BETTER DECISIONS A LOT OF COMPANIES, THEY’RE SECURITY OPERATIONS FOLKS, THEY’RE DROWNING IN DATA THEY DON’T KNOW HOW TO TRIAGE, HOW TO GET TO IT AND IF YOU WANT TO THINK ABOUT, LOOK AT ONE NUMBER OF DROWNING IN DATA, JUST AS AN EXAMPLE, WINDOWS DEFENDER AV DEFENDS AGAINST 5 BILLION — 5 BILLION UNIQUE THREATS A MONTH THAT’S A LOT OF THREATS COULD YOU IMAGINE A TEAM OF PEOPLE GOING THROUGH THAT NUMBER OF THREATS WITHOUT HAVING SOME SORT OF AID WITH AUTOMATION? SO WE SEE THE CLOUD AS A SECURITY IMPERATIVE FOR ENTERPRISE IN ORDER FOR ENTERPRISE TO LEVERAGE OUT TRUST, TO GET THE SIMPLIFICATION AND THE INTEGRATION THEY NEED, THEY NEED TO MOVE TO THE CLOUD AND TO LEVERAGE THE SECURITY THAT CAN COME FROM THE CLOUD WHAT ABOUT ALL THAT SIGNAL I WAS TALKING ABOUT BEFORE? WHERE CAN WE COLLECT ALL THAT SIGNAL? WHERE CAN WE USE MACHINE LEARNING AND AI TO BE ABLE TO GO THROUGH THAT SIGNAL? THAT’S GOING TO BE IN THE CLOUD THE CLOUD IS A PLACE WHERE YOU HAVE MORE SECURE DATA STORAGE, WHERE YOU CAN HAVE IDENTITY MANAGEMENT ON THE CONTROL PLANE, AND CENTRALIZE SECURITY AND THREAT INTELLIGENCE INFORMATION SO CLOUD IS A BUSINESS IMPERATIVE, AND SECURITY IS ALSO MICROSOFT TAKES A UNIQUE APPROACH TO BEING ABLE TO PROVIDE WHAT ENTERPRISE NEED IN TERMS OF ADDITIONAL TRUST, ADDITIONAL EFFICIENCY, AND ADDITIONAL SECURITY WE DO THIS IN THREE CORE WAYS THE FIRST ONE IS INTELLIGENCE BRINGING THAT INTELLIGENCE TOGETHER, LEVERAGING IT ACROSS OUR DIFFERENT PLATFORMS THE SECOND IS IN THE PLATFORMS

ITSELF BOLT ON SECURITY HOW MANY TIMES HAVE YOU HEARD BOLT ON SECURITIES? WHO HERE THINKS BOLT ON SECURITY IS THE BEST THING, THE BEST WAY TO GO? LET’S ALL BOLT IT ON OKAY, NO, I’M GETTING SOME SMIRKS, AND I KNOW YOU, SO IT’S OKAY TO SMIRK NO, HOW DO WE DO SECURITY THE BEST? WHEN WE BUILD SECURITY IN WHEN IT’S PART OF THE PLATFORM WHEN IT GETS SIMPLIFIED AND WE CAN LEVERAGE THAT SO BUILDING IT IN ACROSS ALL LEVELS — IN THE DEVICES, IN THE HARDWARE, IF POSSIBLE, IN THE OPERATING SYSTEMS, BUILDING IT INTO EACH LAYER SO THAT IT’S EASIER TO DEPLOY, EASIER TO MANAGE, AND CAN HELP TO SIMPLIFY THE PROCESS AND THEN PARTNERSHIPS WE’VE HEARD IT FROM BARRY, WE HEARD FROM RON, PARTNERSHIPS MATTER IT MATTERS PARTNERING WITH ENTERPRISES SO WE UNDERSTAND WHAT THEY NEED AND WE CAN HELP THEM IT’S ALSO PARTNERING WITH OTHER TECHNOLOGY VENDORS WE KNOW WE’RE NOT THE ONLY TECHNOLOGY VENDOR IN THE WORLD WE KNOW OUR CUSTOMERS ARE WORKING WITH MULTIPLE VENDORS SO WE ARE WORKING WITH THOSE VENDORS TOO AS A PARTNER IN ORDER TO, AGAIN, SIMPLIFY AND CREATE THAT INTELLIGENT FABRIC FOR ORGANIZATIONS pAND WHEN WE TALK TO ENTERPRISE, ENTERPRISE IS TELLING US THAT THE MOST IMPORTANT THING FOR THEIR SECURITY READINESS IS THIS CLOUD INTELLIGENCE IT’S THE ABILITY TO SHARE THAT DATA BACK WHEN WE TALK CLOUD INTELLIGENCE, WE MEAN EVERY PART OF OUR CLOUD SO WE GET INFORMATION FROM WINDOWS, FROM BING, FROM AZURE ACTIVE DIRECTORY, AND WE EVEN BRING INFORMATION FROM XBOX FOR SECURITY INTO OUR INTELLIGENT SECURITY GRAPH HAVE YOU HEARD OF THE INTELLIGENT SECURITY GRAPH? YES, OKAY SO THE INTELLIGENT SECURITY GRAPH OFFERS UNIQUE INSIGHTS WHAT IS IT? FOR US, IT’S THE CENTRAL NERVOUS SYSTEM OF THE MICROSOFT SECURITY SOLUTION SET UNIQUE INSIGHTS LITERALLY TRILLIONS OF SIGNALS SO HERE’S THE 5 BILLION POTENTIAL THREATS I HAD TALKED ABOUT EARLIER SCAN THROUGH 18 BILLION BING PAGES EVERY MONTH, 400 BILLION EMAILS ARE ANALYZED ANONYMOUSLY THAT TOOK ME A SECOND TO GET THROUGH ANALYZED ANONYMOUSLY AND WE PROVIDE ENTERPRISE SECURITY FOR 90 PERCENT OF THE FORTUNE 500 SO WE BRING TOGETHER THE SIGNAL FROM THE INTELLIGENT SECURITY GRAPH TO PROVIDE INFORMATION THAT WILL HELP COMPANIES REMEDIATE AND DETECT PROBLEMS MORE QUICKLY THE OTHER THING THAT’S REALLY NICE ABOUT THIS GRAPH IS IT HELPS TO DEMOCRATIZE THIS INFORMATION IN THE PAST, LARGER COMPANIES AND ENTERPRISES WERE ABLE TO GET SOME LEVEL OF DEEPER INTELLIGENCE, BUT SMALLER COMPANIES WERE NOT ABLE TO AFFORD THAT LEVEL OF INTELLIGENCE SO WE CAN PROVIDE TO ALL OF OUR CUSTOMERS INFORMATION FROM THE SECURITY GRAPH BUT YOU HEAR ABOUT SPEED AND TIME AND WHAT DOES THAT REALLY MEAN? YOU CAN REMEDIATE FASTER WITH -TH E GRAPH REMEDIATE FASTER, HOW ABOUT MILLISECONDS? SO EARLIER IN THE YEAR, A CRYPTO MINING CAMPAIGN, SO IT WAS A BOT THAT GOT ONTO THE SYSTEM AND MINED CRYPTO CURRENCY THIS IS NOW A WAY TO MAKE MONEY IF YOU’RE AN ATTACKER MAYBE IT’S MORE PROFITABLE TO YOU THAN PHISHING THESE DAYS DO THE CRYPTO MINING BUT YOU NEED A LOT OF SYSTEMS TO DO IT ON ON MARCH 6, IN MILLISECONDS, 80,000 INSTANCES OF DOFOIL WERE BLOCKED, MILLISECONDS FASTER REMEDIATION, REALITY, MILLISECONDS OVER THE COURSE OF THE NEXT 12 HOURS, 400,000 WERE BLOCKED, AND WINDOWS USER WERE NOT IMPACTED BY THIS CRYPTO MINING CAMPAIGN BUT WHAT ARE WE HERE TO TALK ABOUT? HOW THE INTELLIGENT SECURITY GRAPH POWERS THE ANNOUNCEMENTS THAT WE’RE MAKING TODAY FROM MICROSOFT, AND WE’RE MAKING THEM IN THREE AREAS THAT MATTER TO THE ENTERPRISE THE ENTERPRISE HAS SAID I NEED HELP WITH THIS MAKING THOSE SMARTER CHOICES HOW DO YOU INFORM THE I.T DEPARTMENT SO THEY CAN MAKE THOSE CHOICES? THE FASTER REMEDIATION, DEALING WITH ALL OF THIS SIGNAL, AND A LOT OF IT NOISE, AND BEING ABLE TO REMEDIATE MORE QUICKLY AND THEN SIMPLER INTEGRATION CAN YOU HELP? CAN YOU BRING IT ALL TOGETHER FOR ME? CAN YOU MAKE IT SIMPLER FOR ME TO USE ACROSS A PARTNER ECOSYSTEM AND ACROSS MY MICROSOFT ESTATE? SO LET’S START WITH SMARTER CHOICES THE FIRST ONE IS SECURE SCORE

THIS IS NOW THE MICROSOFT SECURE SCORE IF YOU’VE HEARD ABOUT THE OFFICE 365 SECURE SCORE, THIS IS AN EXTENSION OF IT AND COMPANIES CAN USE IT TO MEASURE THEMSELVES AND LOOK AT HOW WELL THEIR CONTROL, WHAT KIND OF CONTROLS THEY’VE GOT IN PLACE, WHAT SECURITY THEY’VE GOT TO PLACE, AND GIVE THEM A SCORE AND THEY GET TWO SCORES ON THINGS THAT THOSE IN ENTERPRISE’S C-SUITE LOVE TO MEASURE AGAINST FIRST ONE IS HOW AM I DOING AGAINST MY PEERS? SO YOU CAN SEE I’M A FINANCIAL SERVICES ORGANIZATION I KNOW WHAT MY SECURE SCORE IS CAN YOU SHOW ME WHAT MY PEERS — YOU DON’T SEE THE NAME OF THE PEERS YOU JUST KNOW OTHER FINANCIAL SERVICES INSTITUTIONS WHAT’S THE OTHER THING MOST OF US THINK WHEN WE SEE A SCORE? HOW CAN I GET BETTER? HOW CAN I DO BETTER ON THE SCORE? SO WE ALSO PROVIDE ACTIONABLE RECOMMENDATIONS THAT COMPANIES CAN USE IN ORDER TO INCREASE THEIR SCORE THE ATTACK SIMULATOR — WE’RE ALSO ANNOUNCING AS AVAILABLE TODAY THE ATTACK SIMULATOR ALLOWS COMPANIES TO MAKE SMARTER CHOICES BY ALLOWING THEM TO SEND A PHISHING OR A RANSOMWARE CAMPAIGN A FAUX — IT’S NOT GOING TO ACTUALLY LOCK UP THEIR % SYSTEMS BUT A PHISHING CAMPAIGN OR RANSOMWARE CAMPAIGN AGAINST THEIR ORGANIZATION AND SIMULATE THE ATTACK, AND THEN EDUCATE THE USER IF THE USERS CLICK THROUGH, EDUCATE THE USERS, RAISE THEIR SECURITY AWARENESS, AND EVENTUALLY FINE TUNE THE POLICY SECOND IS REMEDIATION WE KNOW SEC-OPS HAS TOO MUCH TO GO THROUGH, TOO MUCH TO TRIAGE, AND TO INVESTIGATE IF YOU’VE GOT A SERIES OF ALERTS, HOW DO YOU KNOW WHICH ARE REAL AND WHICH AREN’T? YOU’VE GOT TO INVESTIGATE THIS CAN TAKE A LOT OF TIME, AND WE’VE GOT VERY UNDERSTAFFED SEC-OPS ORGANIZATIONS IN A LOT OF ENTERPRISES SO WITH THE UPCOMING WINDOWS 10 UPDATE, THERE’S A NEW WINDOWS DEFENDER ADVANCED THREAT PROTECTION, AUTOMATED INVESTIGATION SO YOU DON’T NEED A PERSON TO GO DOWN AND INVESTIGATE IT IT’S GOING TO DO THE AUTOMATED INVESTIGATION AND AUTOMATED REMEDIATION AND IF YOU DON’T LIKE THE AUTOMATED REMEDIATION PART, THAT’S OKAY A LOT OF — I USED TO BE A NETWORK ADMIN I ALWAYS HEAR, OH, YOU KNOW, pWHEN IT’S ON REMEDIATION, THAT’S OKAY BECAUSE WE ALSO HAVE — IF THAT’S SOMETHING THE COMPANY DOESN’T FEEL COMFORTABLE WITH AT FIRST, WE HAVE A CHECK WITH ME FUNCTION WITHIN WINDOWS DEFENDER ATP AUTOMATED INVESTIGATION AND REMEDIATION, AND AT THAT FINAL PART BEFORE THE REMEDIATION TAKES PLACE, YOU COULD DO A CHECK WITH ME WITH A HUMAN IF THAT’S SOMETHING THAT THE COMPANY CHOOSES TO DO THE INTEGRATION OF THREAT DETECTION REALLY DOES HELP WITH THIS FASTER REMEDIATION AN EXAMPLE HERE IS WITH THE EMAIL PROTECTION, LET’S SAY YOU’RE USING OFFICE 365, AN EMAIL COMES IN OFFICE 365 CHECKS THE LINK IN THE EMAIL IS IT MALICIOUS? IT’S NOT MALICIOUS, OKAY PUT IT THROUGH GETS THROUGH TO THE USER THE USER CLICKS GUESS WHAT? OFFICE IS GOING TO CHECK IT AGAIN AND THE REASON IS THAT ATTACKERS ARE SMART ENOUGH TO KNOW THAT SOMETIMES COMPANIES CHECK WHEN THE EMAIL COMES IN BUT THEY DON’T CHECK DURING CLICKS, SO WE CHECK AT CLICK FIND OUT, LET’S SAY, IT’S TURNED MALICIOUS OKAY, THAT’S MALICIOUS, THAT GETS REPORTED UP TO OFFICE ATP BUT WHAT IF YOU’VE GOT AN END USER ON WINDOWS WHO’S USING SOME OTHER EMAIL? THEY HAVE A PERSONAL EMAIL THAT THEY USE ON THEIR WINDOWS DEVICE WELL, WINDOWS DEFENDER ALSO GETS ALERTED ABOUT THAT MALICIOUS URL, SO YOU HAVE THAT INTEGRATION, AGAIN, THROUGH THE LAYERS OFFICE ATP SHARING IT WITH WINDOWS DEFENDER ATP TO PROVIDE MORE HOLISTIC PROTECTION CONDITIONAL ACCESS IS ANOTHER PIECE OF FASTER REMEDIATION SO WE’VE HAD CONDITIONAL ACCESS FOR A WHILE THIS IS WHERE YOU CAN MAKE AN ONGOING RISK ASSESSMENT OF A USER LOGGING IN AND ATTEMPTING TO GET SENSITIVE DATA BASED ON A NUMBER OF FACTORS, WHAT DEVICE THEY’RE USING, WHAT TIME OF DAY IT IS, WHICH LOCATION THEY’RE IN, IF GEOGRAPHICALLY THEY LOGGED IN FROM NEW YORK A LITTLE WHILE AGO AND NOW THEY’RE TRYING TO LOGIN TO SINGAPORE, COULD BE A LITTLE HINKY THIS IS WHAT CONDITIONAL ACCESS DOES FOR US NOW AT MICROSOFT OFFICE 365 WE ARE ADDING DEVICE LEVEL CONDITIONAL ACCESS SO WINDOWS DEFENDER ATP, IF IT REPORTS THERE’S BEEN A COMPROMISED DEVICE, THIS ALSO GOES INTO THE CONDITIONAL RISK SCORE, AND AT TIME OF LOGIN CAN BE USED TO DETERMINE WHETHER OR NOT YOU ALLOW THAT LOGIN AND CAN PREVENT A COMPROMISED MACHINE FROM ACCESSING YOUR

SENSITIVE CORPORATE DATA SIMPLIFICATION, BETTER INTEGRATION ANYBODY HERE USE THAT? YOU PROBABLY HEARD MICROSOFT IS ON A MISSION TO END THE TRADITIONAL PASSWORDS AND THE PROLIFERATION OF PASSWORDS, AND pWINDOWS HELLO IS ONE OF THE MAIN % WAYS WE’RE DOING THAT SO WE ARE ANNOUNCING TODAY THAT WITH THE LATEST WINDOWS UPDATE, WE WILL HAVE SUPPORT FOR FIDO 2.0, AND THAT’S GOING TO ALLOW CERTAIN WORK LINE INSTANCES WHERE USE CASES WHERE YOU HAVE 10, 20 DIFFERENT PEOPLE LOGGING IN TO THE SAME MACHINE, THEY CAN ALL LOGIN TO THE SAME MACHINE USING THEIR BIOMETRIC, THANKS TO THIS PARTNERSHIP AND PARTNERSHIPS ACROSS OTHER VENDORS TOO THE MICROSOFT INTELLIGENT SECURITY ASSOCIATION , AGAIN ANNOUNCING THIS TODAY, THIS IS ALL WORKING WITH OUR KEY PARTNERS TO PROVIDE BETTER SOLUTIONS, SIMPLIFIED SOLUTIONS THAT INCREASE YOUR SECURITY POSTURE SO AN EXAMPLE WOULD BE LOOK OUT ARE ENDPOINT SOLUTIONS WE HAVE WINDOWS DEFENDER ATP, BUT NOT EVERY DEVICE A COMPANY USES IS WINDOWS DEFENDER SO IF YOU’VE GOT OSX OR IOS ON YOUR iPHONE — IF IT’S ON YOUR iPHONE, IT’S GOT IOS OR IF YOU’RE USING ANDROID, OUR PARTNERS WILL REPORT THAT ENDPOINT INFORMATION UP INTO WINDOWS ATP CONSOLE, SO YOU CAN LOOK AT IT IN THE SAME CONSOLE IT’S THAT KIND OF PARTNERSHIP THAT REALLY DELIVERS WHAT ENTERPRISES ARE ASKING FOR IN TERMS OF MANAGEMENT SIMPLIFICATION AND SECURITY AND WE’RE ANNOUNCING THE MICROSOFT SECURITY GRAPH API YOU’VE HEARD ABOUT THE SECURITY GRAPH NOW HERE’S THE API THIS MEANS THAT WE CAN PARTNER WITH SOME OF OUR CORE TRUSTS TECHNOLOGY PARTNERS AND INTEGRATORS TO BE ABLE TO ALLOW THEM TO LEVERAGE ALL OF THAT INFORMATION THAT’S WITHIN THE SECURITY API AND WE’RE ALSO HOPING TO ENGAGE THE REST OF THE INDUSTRY IN USING THE INFORMATION FROM THIS API TO HELP INFORM THEIR PRODUCTS, AND, AGAIN, SPREAD INTELLIGENCE ACROSS THE ENTIRE ECOSYSTEM WE’VE GOT THREE OF THOSE PARTNERS HERE TODAY — PALO ALTO, PWC, AND ANOMALY TO SHOWCASE WHAT THEY’VE DONE WITH THE API SO FAR I’M GOING TO BE BACK IN A COUPLE OF MINUTES TO TELL YOU A LITTLE BIT MORE ABOUT THAT BUT RIGHT NOW I’M GOING TO HAND IT BACK TO BRAD BECAUSE HE HAS ONE MORE VERY EXCITING ANNOUNCEMENT >> THANK YOU, DIANA I WANT TO TURN TO WHAT I THINK IS THE BIGGEST ANNOUNCEMENT THAT WE HAVE TODAY, WHICH IS AZURE SPHERE I JUST WANT TO GIVE YOU A LITTLE BIT OF CONTEXT, AND LET ME PICK UP WHERE I LEFT OFF BEFORE IT REALLY IS A NEW WORLD IT’S A WORLD WHERE WE’RE SEEING INTERNET ATTACKS EVERY DAY ON ALL OF THE CONNECTED DEVICES THAT ARE RUNNING ACROSS THE PLANET IT’S A WORLD WHERE WE’RE STARTING TO SEE JUST HOW SERIOUS THE DAMAGE CAN BE WHEN THESE pATTACKS TAKE PLACE IT WAS IN 2016 THAT THE MARAI ATTACK BASICALLY ENABLED HACKERS TO TAKE CONTROL OF 100,000 DEVICES AND USE IT TO LAUNCH A DDOS ATTACK BY TURNING THOSE DEVICES INTO PART OF A BOTNET IT WAS AN ATTACK THAT ON A SINGLE DAY BASICALLY TOOK THE EAST COAST OF THE UNITED STATES OFF OF THE INTERNET IT IS THAT KIND OF PROSPECT THAT WE HAVE TO TAKE NEW STEPS TO GUARD AGAINST IT’S EVEN MORE IMPORTANT WHEN WE PUT THIS IN THE CONTEXT OF THE WORLD THAT WE’RE ENTERING THAT LITERALLY IS POWERED BY BILLIONS OF THESE MCU s, THE MICROCONTROL UNITS THAT I SPOKE ABOUT BEFORE THERE’S GOING TO BE 9 BILLION OF THESE MCU-BASED DEVICES SHIPPED THIS YEAR THINK ABOUT THAT FOR EVERY PERSON ON THE PLANET, THERE WILL BE MORE THAN ONE OF THESE MCU DEVICES SHIPPED THEY LITERALLY WILL BE IN THE TOYS OF OUR CHILDREN THEY LITERALLY WILL BE IN OUR KITCHENS AND OUR REFRIGERATORS THEY WILL BE IN EVERY ROOM IN OUR HOUSE ALREADY, IF IT YOU HAVE A DEVICE AT HOME THAT HAS A BUTTON OR A STATUS LIGHT OR IT DOES SOMETHING THAT TURNS ON BUT LACKS A HIGH RES COLOR DISPLAY, IT HAS AN MCU NOW, TODAY FEWER THAN 1 PERCENT OF THOSE MCUs ARE CONNECTED TO A NETWORK OR THE INTERNET, BUT THAT IS CHANGING, AND IT’S GOING TO CONTINUE TO CHANGE AND WHAT IT FUNDAMENTALLY MEANS IS OUR HOMES AND OUR OFFICES AND

THE INFRASTRUCTURE OF THE FUTURE WILL LITERALLY BE ONLY AS SECURE AS THE WEAKEST LINK IF WE’RE GOING TO ADDRESS THAT SECURITY IN AN EFFECTIVE WAY, WE NEED TO REALLY BUILD SECURITY FROM THE CHIP ALL THE WAY UP TO THE CLOUD AND THAT’S ONE OF THE REASONS WE’RE BUILDING ON THE EXPERTISE WE’VE HAD FOR SO MANY YEARS AT MICROSOFT NOT JUST A SOFTWARE THAT YOU THINK ABOUT WITH PRODUCTS LIKE WINDOWS AND OFFICE, BUT THE KINDS OF SECURITY STEPS THAT WE’VE BEEN TAKING FOR 15 YEARS AT THE CHIP LEVEL TO SECURE DEVICES LIKE THE XBOX WHAT WE’RE DOING TODAY WITH OUR AZURE SPHERE ANNOUNCEMENT IS REALLY GOING WHERE NO COMPANY HAS GONE BEFORE AND IT REALLY STARTS, ABOVE ALL ELSE, WITH ONE VERY IMPORTANT PROPOSITION AS WE THINK ABOUT THESE DEVICES, WE NEED TO TAKE CYBER SECURITY FROM AN ART TO A SCIENCE, AND THAT’S WHAT OUR RESEARCHERS HAVE BEEN DOING AS WE THINK ABOUT WHAT IT TAKES TO ENSURE THAT THESE BILLIONS OF DEVICES ARE SECURE, WE’VE DEVELOPED SEVEN PRIORITIES, SEVEN PROPERTIES, IF YOU WILL SEVEN PROPERTIES THAT CAN ONLY BE ADVANCED EFFECTIVELY IF WE FOCUS ON CYBERSECURITY AT THE HARDWARE LEVEL, AT THE SOFTWARE LEVEL, AND AT THE SERVICE LEVEL IN THE CLOUD SO LET ME TAKE A COUPLE OF MOMENTS AND WALK YOU THROUGH EACH OF THESE SEVEN AND WHY THEY’RE SO IMPORTANT AND WHAT THEY MEAN FIRST, IT STARTS WITH ENSURING THAT THERE IS A HARDWARE ROOT OF TRUST LET ME GO BACK THERE AND WHAT THAT MEANS IS THAT WE’RE ABLE TO PROTECT THE SECRETS, THE INFORMATION ON THE DEVICE, WITH HARDWARE THAT HAS PHYSICAL COUNTERMEASURES AGAINST SIDE CHANNEL ATTACKS IF YOU HAVE BEEN FOLLOWING, AS WE ALL HAVE, THE EVENTS OF THIS YEAR, WE’VE ALL LEARNED ABOUT THE IMPORTANCE OF SIDE CHANNEL ATTACKS AT THE CHIP LEVEL SO WE NEED TO START WITH PROTECTION AT THE CHIP LEVEL TO PROTECT AGAINST THESE KINDS OF SIDE CHANNEL ATTACKS SO WE DO THAT WITH PROTECTION AT THE HARDWARE LAYER THE SECOND PROPERTY WE REALLY NEED IS WHAT WE CALL DEFENSE IN DEPTH FUNDAMENTALLY THAT MEANS THERE ARE MULTIPLE MITIGATION AND RESPONSES TO ATTACKS OR BREACHES, NOT A SINGLE LINE OF DEFENSE AND WE DO THAT BY BUILDING IN THESE LINES OF DEFENSE AT BOTH THE HARDWARE AND THE SOFTWARE LEVEL AT THE OPERATING SYSTEM LEVEL THE THIRD PROPERTY IS REALLY A FOCUS ON HAVING A SMALL TRUSTED COMPUTING BASE I’LL GIVE YOU AN EXAMPLE WHAT IT MEANS IS YOU CAN HAVE PRIVATE KEYS STORED IN HARDWARE PROTECTED VAULTS THAT ARE INACCESSIBLE TO SOFTWARE SO IF YOU’RE TRYING TO LAUNCH A SOFTWARE-BASED ATTACK, YOU FIND THAT THE SOFTWARE CANNOT ACCESS THESE PRIVATE KEYS AT ALL THE FOURTH IS HAVING DYNAMIC COMPARTMENTS WHAT THAT MEANS IS ONE IS HAVING HARDWARE ENFORCED BOUNDARIES THAT REALLY PREVENT BREACHES IN ONE SOFTWARE COMPARTMENT TO GOING TO ANOTHER SOFTWARE COMPONENT SO YOU CAN SEE THIS IS ANOTHER AREA WHERE HARDWARE AND SOFTWARE PROTECTION AND INNOVATION REALLY NEED TO COME TOGETHER AND THEN THERE’S THREE PROPERTIES THAT ONE CAN ADDRESS EFFECTIVELY ONLY IF WE TAKE EFFECTIVE ACTION AT THE HARDWARE, THE SOFTWARE, AND THE CLOUD-BASED LEVEL THE FIRST OF THESE IS ABOUT CERTIFICATES WE’VE INCREASINGLY BECOME, I THINK, USED TO THESE IN MANY INSTITUTIONS, CERTAINLY LARGE ENTERPRISES, BUT THE NOTION OF RELYING ON CERTIFICATES INSTEAD OF PASSWORDS TO ESTABLISH IDENTITY FOR MUTUAL AUTHENTICATION, AND WE CAN DO THAT BY COMBINING THESE ADVANCES AT ALL THREE OF THESE LAYERS THE NEXT IS ABOUT ONLINE FAILURE REPORTING, AND WHEN YOU THINK ABOUT THIS, IT JUST IS OBVIOUSLY FUNDAMENTAL WHEN THERE’S AN ATTACK THAT RESULTS IN A FAILURE, WE NEED THE ABILITY TO GENERATE A REPORT ABOUT THAT FAILURE AUTOMATICALLY AND INSTANTANEOUSLY TO A FAILURE ANALYSIS SYSTEM AND GINLLY, SOME SOME WAYS TO MAKE THIS WORK IS THE ABILITY TO PROVIDE AN UPDATE TO EVEN THE SMALLEST DEVICE ON THE PLANET SO THAT SECURITY AND A SECURE STATE CAN BE UPDATED AUTOMATICALLY THE FUNDAMENTAL FACT OF LIFE IS THIS IF WE’RE GOING TO ENSURE THAT THESE BILLIONS OF DEVICES ARE PROTECTED IN PEOPLE’S HOMES AND AROUND THE WORLD, WE NEED TO ADDRESS EVERY ONE OF THESE SEVEN PROPERTIES AND EACH OF THESE THREE LAYERS IS NEEDED TO ENSURE WE DO THE JOB THE WORLD REQUIRES OF US WHAT WE’RE ANNOUNCING TODAY IS AZURE SPHERE IT IS AN END TO END IOT SOLUTION IT GOES WHERE, AS I SAID, NO COMPANY HAS GONE BEFORE BY

ADDRESSING EACH OF THESE SEVEN PROPERTIES AND DOING SO AT THESE THREE DIFFERENT LAYERS THE AZURE SPHERE HAS THREE DIFFERENT PIECES I’LL TALK ABOUT EACH AND BUT IN BRIEF, IT HAS THE AZURE SPHERE CERTIFIED MCUs, THE NEW CHIPS IT HAS AN OPERATING SYSTEM, THE AZURE SPHERE OPERATING SYSTEM AND IT HAS A CLOUD SERVICE, THE AZURE SPHERE SECURITY SERVICE SO LET ME GIVE YOU A LITTLE BIT OF INFORMATION ABOUT EACH OF THESE THE FIRST IS THE AZURE SPHERE MCUs THIS IS A NEW CLASS OF MCUs IT IS FIVE TIMES AS POWERFUL AS LEGACY MCUs WHEN WE’RE TALKING ABOUT AN MCU, WE’RE TALKING ABOUT SOMETHING THAT IS LITERALLY A COMPUTER ON A CHIP THAT IS AS SMALL AS SOMEBODY’S FINGER TIP AND AS YOU CAN SEE, IT’S AS THIN AS SOMEBODY’S FINGERTIP THE RESEARCHERS AT MICROSOFT RESEARCH HAVE MADE ADVANCES TO STRENGTHEN THE POWER OF THESE CHIPS AND TO PUT THAT POWER TO WORK TO PROTECT PEOPLE’S SECURITY AROUND THE WORLD IN FACT, WHAT WE’RE DOING TO JUMPSTART THIS NEW ECOSYSTEM THAT WE SO CLEARLY NEED IS TO LICENSE THIS TECHNOLOGY AND INTELLECTUAL PROPERTY ROYALTY-FREE TO ANY SILICON MANUFACTURER THAT WANTS TO BUILD THESE NEW AZURE SPHERE CHIPS IN FACT, ALREADY MEDIA TECH IS STARTING TO FABRICATE THESE CHIPS THESE CHIPS WILL BE SHIPPED IN 2018 MORE PARTNERS WILL FOLLOW AND WHAT WE’VE BEEN ABLE TO DO WITH THESE HARDWARE ADVANCES IS REALLY ENGINEER SECURITY AT THE ROOT, AT THE CHIP LEVEL, IN THREE WAYS FIRST, WE’RE PUTTING THIS INCREASED POWER TO WORK WITH CONNECTED, BUILT-IN NETWORKING THAT IS OBVIOUSLY A PREREQUISITE FOR THESE SECURITY ADVANCES THE SECOND IS WE’RE SECURING THIS WITH THE SILICON TECHNOLOGIES THAT WE PIONEERED IN XBOX SILICON TECHNOLOGIES THAT MAKE THE CHIP MORE SECURE AND THIRD, WE’VE ADDED CROSSOVER PROCESSING CAPABILITIES, CAPABILITIES THAT REALLY ENABLE AMBIENT INTELLIGENCE IN AN MCU PACKAGE FOR THE VERY FIRST TIME SO IF THE ONLY THING WE WERE TALKING ABOUT TODAY IS THIS NEW STEP TO ADVANCE SECURITY AT THE CHIP LEVEL, I THINK WE WOULD BE DOING SOMETHING IMPORTANT, BUT THAT WOULD NOT BE A COMPLETE SOLUTION WE NEED THE OTHER TWO PIECES OF AZURE SPHERE AS WELL SO THE SECOND IS REALLY THE AZURE SPHERE OPERATING SYSTEM THIS IS A NEW OPERATING SYSTEM IT’S BASED ON A CUSTOM LINUX KERNEL A CUSTOM LINUX KERNEL THAT HAS REALLY BEEN OPTIMIZED FOR AN IOT ENVIRONMENT AND IS REWORKED WITH SECURITY INNOVATIONS PIONEERED IN WINDOWS OF COURSE WE ARE A WINDOWS COMPANY, BUT WHAT WE’VE RECOGNIZED IS THE BEST SOLUTION FOR A COMPUTER OF THIS SIZE IN A TOY IS NOT A FULL BLOWN VERSION OF WINDOWS, IT IS WHAT WE ARE CREATING HERE IT IS A CUSTOM LINUX KERNEL COMPLEMENTED BY THE KINDS OF ADVANCES THAT WE HAVE CREATED IN WINDOWS ITSELF FOR ANYBODY WHO HAS BEEN FOLLOWING MICROSOFT, I’M SURE YOU’LL RECOGNIZE THAT AFTER 43 YEARS THIS IS THE FIRST DAY THAT WE’RE ANNOUNCING THAT WE’LL BE DISTRIBUTING A CUSTOM LINUX KERNEL IT’S AN IMPORTANT STEP FOR US IT’S AN IMPORTANT STEP, I THINK, FOR THE INDUSTRY AND IT WILL ENABLE US TO STAND BEHIND THE TECHNOLOGY THE WAY I BELIEVE THE WORLD NEEDS BECAUSE WHAT WE WILL DO IS ENSURE THAT THESE DEVICES ARE SECURED THROUGHOUT THEIR TEN-YEAR LIFETIME WITH THE CONTINUING IMPROVEMENTS AND UPDATING TO THE AZURE SPHERE OPERATING SYSTEM OF COURSE, THAT IS POSSIBLE ONLY BECAUSE OF THE THIRD PIECE, WHICH IS THE SECURITY SERVICE, THE CLOUD-BASED SERVICE THIS IS A SERVICE THAT WILL GUARD EVERY AZURE SPHERE DEVICE IT WILL BROKER TRUST FOR DEVICE TO DEVICE AND DEVICE TO CLOUD COMMUNICATIONS IT WILL DETECT EMERGING THREATS, AND CRITICALLY IT CAN AND WILL RENEW SECURITY THE WAY OUR CUSTOMERS NEED IF YOU LOOK AT WHAT WE’RE DOING WITH THIS AZURE SPHERE SECURITY SERVICE, WE’RE REALLY ABLE TO TAKE THOSE PROPERTIES THAT I DESCRIBED AND MAKE THEIR ADVANCES REAL SO AS YOU SAW, WHEN I TALKED ABOUT CERTIFICATION AND AUTHENTICATION, BECAUSE WE HAVE THIS SERVICE, WE’RE ABLE TO USE CERTIFICATE-BASED AUTHENTICATION FOR ALL COMMUNICATIONS WE’RE ABLE TO USE THE AUTOMATED PROCESSING OF ON DEVICE FAILURES TO DETECT EMERGING SECURITY THREATS WE’RE ABLE TO RESPOND WITH

THREATS, WITH FULLY AUTOMATED, ON-DEVICE UPDATES OF THE OPERATING SYSTEM AND APPLICATIONS THERE’S ANOTHER CRITICAL ASPECT OF WHAT WE’RE DOING WITH THE SECURITY SERVICE THAT WE’RE MAKING PART OF AZURE SPHERE, AND IT TOO REFLECTS FRANKLY, A NEW WAY OF WORKING WHAT WE’RE DOING IS WE’RE MAKING THIS SERVICE COMPATIBLE, NOT ONLY WITH AZURE AS A SERVICE, BUT WITH CUSTOMERS OTHER LEGACY OR PROPRIETARY OR CLOUD-BASED SERVICES SO IF A CUSTOMER WANTS TO CONTINUE TO INTEGRATE THESE MCU-BASED DEVICES WITH AWS OR THE GOOGLE CLOUD OR CLOUD SERVICES FROM IBM OR ORACLE OR ALIBABA OR LITERALLY ANYONE ELSE, THEY CAN DO THAT IN ESSENCE, WHEN YOU REALLY STEP BACK AND THINK ABOUT THIS, THIS ANNOUNCEMENT, I THINK, REFLECTS TWO THINGS THAT ARE VERY FUNDAMENTAL THE FIRST IS THE ABILITY TO TAKE CYBER SECURITY TO THE EDGE OF AND MORE VULNERABLE IF WE DO NOT TAKE THESE KINDS OF STEPS BUT THE SECOND THING IT REALLY DOES IS IT ENABLES US AS A COMPANY TO PUT SECURITY FIRST WE’RE WORKING WITH OPERATING SYSTEM TECHNOLOGY IN NEW WAYS TO DO THAT WE’RE WORKING WITH OUR COMPETITOR SERVICES IN NEW WAYS TO DO THAT WE’RE WORKING WITH HARDWARE COMPANIES ACROSS THE CHIP ECOSYSTEM IN NEW WAYS TO DO THAT AND WE’RE DOING IT IN WAYS THAT SHARE TECHNOLOGY AND INTELLECTUAL PROPERTY IN NEW WAYS AS WELL I DO BELIEVE THAT IT ENABLES US TO MAKE AN IMPORTANT CONTRIBUTION TO WHAT THE WORLD NEEDS FROM US, AND THAT IS TO WORK WITH EVERYONE TO PUT SECURITY FIRST AND HELP TO CREATE A SAFER WORLD SO THANK YOU NOW LET METURN IT BACK TO DIANA >> THANK YOU, BRAD SEE, I TOLD YOU THAT WAS EXCITING, RIGHT? THAT WAS VERY COOL WHO WAS SURPRISED BY HEARING LINUX? COME ON, I WAS WHEN I HEARD IT THE FIRST TIME SO IT’S REALLY GREAT TO HEAR, AND THANK YOU SO MUCH FOR YOUR ATTENTION BUT WE UNDERSTAND THAT SOMETIMES IT REALLY HAS — TECHNOLOGY HAS TO BE INTERACTED WITH SO WHAT WE’VE GOT HERE IS THE ABILITY FOR YOU TO EXPERIENCE THE NEWS YOURSELF AND TO REALLY TALK TO THE TRUE DEEP