Enterprise And Server Use Of BitLocker™ Drive Encryption


Stephen Heil
Technical Evangelist, Windows Core OS
Microsoft Corporation

Xian Ke
Program Manager, Windows System Integrity
Microsoft Corporation


Agenda

Remote and branch office server scenarios
BitLocker™ Drive Encryption overview
Protection and recovery scenarios
Demo
Management scenarios
Management features
Enterprise concerns
BitLocker™ requirements for Windows Server codenamed “Longhorn”
Summary


Information Loss is Costly

Information loss – whether via theft or accidental leakage – is costly on several levels

Financial
  The U.S. Dept of Justice estimates that intellectual property theft cost enterprises $250 billion in 2004
  Loss of revenue, market capitalization, and competitive advantage
Image & Credibility
  Leaked executive e-mails can be embarrassing
  Unintended forwarding of sensitive information can adversely impact the company’s image and/or credibility
Legal & Regulatory Compliance
  Increasing regulation: SOX, HIPAA, GLBA
  Bringing a company into compliance can be complex and expensive
  Non-compliance can lead to significant legal fees, fines and/or settlements


Branch Office Challenges

Theft of server and/or its hard drives
Re-provision or decommission of server or its hard drives
Data theft via disk cloning by maintenance and outsourcing technicians
Secure deployment of a fully configured machine shipped to remote location

Data-at-rest on Branch Office Servers needs protection!


Branch Office Server Class Systems

More than 25% of Windows Servers are installed in branch offices and remote locations where physical security may be lax
  Retail
  Finance
  Insurance
Typical hardware
  1P and 2P pedestal systems
  RAID


BitLocker™ And TPM Features

BitLocker™ Drive Encryption
  Encrypts entire volume
  Uses Trusted Platform Module (TPM) v1.2 to validate pre-OS components
  Customizable protection and authentication methods
Pre-OS Protection
  USB startup key, PIN, and TPM-backed authentication
Single Microsoft TPM Driver
  Improved stability and security
TPM Base Services (TBS)
  Enables third party applications
Active Directory Backup
  Automated key backup to AD server
Group Policy support
Scriptable Interfaces
  TPM management
  BitLocker™ management
  Command-line tool


1-Factor TPM-Only Protection Scenario

Transparently validates early boot components on OS startup
Best ease of use
Protects against SW-only attacks
Vulnerable to some HW attacks

[Diagram: Encrypted Volume made of encrypted disk sectors; unseal performed on VMK by TPM; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


2-Factor TPM+PIN Protection Scenario

Must enter 4-20 digit PIN on OS startup
Validates PIN and early boot components
Protects against software-only and many hardware attacks
Vulnerable to TPM breaking attacks

[Diagram: Disk with Encrypted Volume made of encrypted disk sectors; PIN and TPM Key go to the TPM, which performs the unseal on the VMK; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


2-Factor TPM+Startup Key Protection Scenario

Looks for USB flash drive with Startup Key
Validates saved key and early boot components
Protects against many HW attacks
Protects against TPM attacks

[Diagram: Disk with Encrypted Volume made of encrypted disk sectors; USB device with Startup Key; TPM unseals an intermediate key; combining keys by using XOR yields the VMK; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


Startup Key Protection Scenario

Looks for USB with Startup Key
Validates saved key
Protects against many HW attacks
Vulnerable to lost token and pre-OS attacks

[Diagram: Disk with Encrypted Volume made of encrypted disk sectors; USB device with Startup Key used for decrypting of the VMK; no TPM involved; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


Recovery Key Scenario

Looks for USB with Recovery Key
Validates saved key
Unlocks volume to enable decryption

[Diagram: Disk with Encrypted Volume made of encrypted disk sectors; USB device with Recovery Key (RK) used for decrypting of the Encrypted VMK; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


Recovery Password Scenario

Prompts user to enter Recovery Password
Validates Password
Unlocks volume to enable decryption

[Diagram: Encrypted Volume made of encrypted disk sectors; recovery password (F-key password obtained from Admin); decryption of the Encrypted VMK using the password; decryption performed on data using the Volume Encryption Key (FVEK); cleartext data]


Protection For Data Volumes

Definition: A data volume is a BitLocker-capable volume without the current OS

Automatic unlocking
  Transparently read encrypted data volumes
  Save unlock keys on the BitLocker-protected OS volume
Inherited protection
  Gain TPM-based protection from the OS volume
  No need to manage new startup PINs or startup keys
Recover volumes
  Unlock access with a numerical password or external key
Decommission volumes
  Reduce data exposure by wiping stored BitLocker keys
  Integrated into FORMAT in Windows Vista RC1


BitLocker™ And Data Volumes

Server and client management
Unlocking and auto-unlocking


BitLocker™ Management Scenarios

Turn on and off BitLocker protection
View BitLocker status indicators
View and manage key protectors for the volume’s encryption key
Temporarily disable protectors without decryption
Unlock and recover encrypted volumes
Set up automatic unlocking of data volumes
Decommission volumes


TPM Management Scenarios

Initialize TPM to work with BitLocker and other apps
Turn on and manage the TPM with “physical presence” assertions
View TPM status and manufacturer information
View all available TPM commands and descriptions
Block and allow TPM commands


BitLocker™ Status Indicators

Conversion status
  Fully encrypted
  Encryption/decryption in progress, encryption percentage
  Encryption/decryption paused, encryption percentage
  Fully decrypted
Protection status
  Protection On: Fully encrypted and key protectors enabled
  Protection Off
Lock status
  Unlocked: Encrypted data is accessible
  Locked: Needs recovery to access data


BitLocker Key Protectors

[Diagram of key protector types and what each holds: TPM (256-bit key), TPM And PIN (256-bit key + PIN), TPM And Startup Key (256-bit key + key), all three OS volume only; Numerical Password (password sequence); External Key (256-bit key)]
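The key hierarchy drawn in the protection and recovery scenario diagrams above, together with the protector types in this summary, worked as a runnable model; this is added example code, not code from the deck or from BitLocker itself. An HMAC-SHA256 keystream stands in for AES with diffuser, an HMAC over the selected PCRs stands in for TPM sealing, PBKDF2 stands in for the recovery-password key derivation, and reading the TPM+Startup Key diagram as "intermediate key XOR startup key gives the VMK" is an assumption. What the model keeps is the structure the slides draw: the FVEK encrypts the disk sectors, the VMK encrypts the FVEK, and every key protector is one more stored route to the VMK.

```python
import hashlib
import hmac
import secrets

DEFAULT_PCRS = (0, 2, 4, 5, 8, 9, 10, 11)  # default validation profile on the Group Policy slide

def _keystream_xor(key, nonce, data):  # AES stand-in (model choice): HMAC-SHA256 counter keystream
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def wrap(key, plaintext):  # encrypt with a fresh nonce and an integrity tag: nonce || ct || tag
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):  # inverse of wrap; raises ValueError for a wrong key or an altered blob
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted blob")
    return _keystream_xor(key, nonce, ct)

def xor_keys(a, b):  # "Combining keys by using XOR" from the TPM+Startup Key diagram
    return bytes(x ^ y for x, y in zip(a, b))

def password_key(recovery_password):  # KDF for the numerical password is a model choice
    digits = recovery_password.replace("-", "").encode()
    return hashlib.pbkdf2_hmac("sha256", digits, b"model-salt", 50_000)

class SimTPM:
    """Seal/unseal bound to the selected PCRs, with an optional PIN as extra authorization."""
    def __init__(self):
        self._srk = secrets.token_bytes(32)  # root key that never leaves the TPM
        self.pcrs = {i: hashlib.sha256(b"pcr%d" % i).digest() for i in range(24)}

    def extend(self, index, measurement):  # firmware measures each pre-OS component it loads
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()

    def _seal_key(self, auth):
        digest = hashlib.sha256(b"".join(self.pcrs[i] for i in DEFAULT_PCRS)).digest()
        return hmac.new(self._srk, digest + auth, hashlib.sha256).digest()

    def seal(self, secret, auth=b""):
        return wrap(self._seal_key(auth), secret)
    def unseal(self, blob, auth=b""):  # fails if any selected PCR or the PIN changed
        return unwrap(self._seal_key(auth), blob)

class Volume:
    """Encrypted sectors, FVEK wrapped by the VMK, and one stored blob per key protector."""
    def __init__(self, tpm, cleartext_sectors):
        self.tpm = tpm
        fvek, self.vmk = secrets.token_bytes(32), secrets.token_bytes(32)
        self.encrypted_sectors = wrap(fvek, cleartext_sectors)
        self.encrypted_fvek = wrap(self.vmk, fvek)
        self.protectors = {}  # label -> (protector type, blob stored on the volume)

    def add_tpm(self, pin=""):
        kind = "TPM And PIN" if pin else "TPM"
        self.protectors[kind] = (kind, self.tpm.seal(self.vmk, auth=pin.encode()))

    def add_tpm_startup_key(self):
        """TPM seals an intermediate key; intermediate XOR startup key = VMK (model assumption)."""
        startup_key = secrets.token_bytes(32)  # written to the USB flash drive
        sealed = self.tpm.seal(xor_keys(self.vmk, startup_key))
        self.protectors["TPM And Startup Key"] = ("TPM And Startup Key", sealed)
        return startup_key

    def add_external_key(self, label):  # 256-bit key on USB: startup key without TPM, or recovery key
        key = secrets.token_bytes(32)
        self.protectors[label] = ("External Key", wrap(key, self.vmk))  # the 'Encrypted VMK'
        return key

    def add_numerical_password(self):  # 48-digit recovery password; its derived key wraps the VMK
        pw = "-".join(str(secrets.randbelow(10 ** 6)).zfill(6) for _ in range(8))
        self.protectors["Numerical Password"] = ("Numerical Password", wrap(password_key(pw), self.vmk))
        return pw

    def unlock(self, label, pin="", usb_key=b"", password=""):
        """VMK through one protector -> FVEK -> cleartext sectors; raises if any step fails."""
        kind, blob = self.protectors[label]
        if kind in ("TPM", "TPM And PIN"):
            vmk = self.tpm.unseal(blob, auth=pin.encode())
        elif kind == "TPM And Startup Key":
            vmk = xor_keys(self.tpm.unseal(blob), usb_key)
        elif kind == "External Key":
            vmk = unwrap(usb_key, blob)
        else:
            vmk = unwrap(password_key(password), blob)
        return unwrap(unwrap(vmk, self.encrypted_fvek), self.encrypted_sectors)

    def decommission(self):  # wipe the stored keys: ciphertext stays but nothing can unlock it
        self.protectors.clear()
        self.encrypted_fvek = b""

def can_unlock(vol, label, **creds):  # True only if this protector still opens the volume
    try:
        vol.unlock(label, **creds)
        return True
    except (ValueError, KeyError):
        return False
```

Extending one PCR in the validation profile (a changed pre-OS component) breaks every TPM-based protector while the numerical password still unlocks, which is the recovery path the Enterprise Recovery slide describes; decommission wipes the stored keys so no protector works.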


Available Management Features

BitLocker management features
  Control Panel integration
  BitLocker setup and key management wizards
  Scriptable WMI provider interface
  Command-line tool: manage-bde.wsf
TPM management features
  Microsoft Management Console (MMC) snap-in
  TPM initialization and management wizards
  BIOS integration for physical presence
  Scriptable WMI provider interface
Remote management functionality
Sample scripting solutions


Managing Keys

Control panel options
  Duplicate the recovery password
  Duplicate the recovery key
  Duplicate the recovery key to a folder
  Duplicate the startup key
  Reset the PIN
Command-line and scripting options
  All control panel options
  List, add, remove any key protectors, including recovery passwords and recovery keys


Managing Data Volumes

Turning on automatic unlocking in Windows Server Longhorn
  First turn on BitLocker protection for the OS volume
  Create an external key on the data volume
  Enable autounlock to save a key onto the current OS volume
  Start encryption before or after enabling automatic unlocking
Managing automatic unlocking in Windows Server Longhorn
  Determine autounlock status
  Disable autounlock
  Clear autounlock keys before decrypting the BitLocker-protected OS volume
Other data volume management tasks (Windows Vista and Windows Server Longhorn)
  Unlocking a BitLocker-protected volume
  Lock a BitLocker-protected volume
  Turn off BitLocker protection on a volume


BitLocker™ And TPM Group Policy

BitLocker Group Policy configurations
  Turn on BitLocker backup to Active Directory Domain Services
  Configure setup wizard experience (Default is display all available startup and recovery options)
  Configure disk encryption method (Default is AES 128 bit with Diffuser)
  Configure TPM platform validation profile (Default is PCR 0, 2, 4, 5, 8-11)
TPM Group Policy configurations
  Turn on TPM backup to Active Directory Domain Services
  Configure the blocked TPM commands (Default list of blocked commands includes TPM_PCR_Reset, TPM_Extend, and TPM_Quote)


Enterprise Backup

BitLocker setup can automatically back up recovery password to Active Directory
  BitLocker setup will not continue if backup step fails
  Can also back up BitLocker key package for specialized recovery (coming in Windows Vista RC1)
TPM ownership step can automatically back up TPM owner password hash to Active Directory
Active Directory requirements
  Windows Server 2003 SP1, R2, or Windows Server Longhorn
  Schema extension for storing recovery information
  Configure access control permissions to write to AD
  Configure Group Policy settings


Enterprise Recovery

Self-recovery with USB recovery key or known recovery password
Help desk-assisted recovery to retrieve stored passwords from Active Directory
  BitLocker recovery screen displays computer name and password ID that can unlock disk access
  Help desk verifies user identity, even over the phone for in-the-field recovery
  Given a computer name, find the recovery passwords for all disk volumes
  Given a Password ID, find the recovery password that can unlock the volume


Enterprise Deployment

Enterprises will integrate BitLocker deployment steps into existing OS and software distribution infrastructure
Enterprises will evaluate hardware manufacturers using
  Windows Logo Program requirements
  BitLocker feature requirements
  BitLocker best practice recommendations
  Enterprise security policies
  Enterprise deployment requirements


BitLocker™ Server Requirements

Trusted Platform Module (TPM) v1.2
  Provides platform integrity measurement and reporting
  TPM 1.2 Spec: https://www.trustedcomputinggroup.org/specs/TPM/
  Requires platform support for TPM 1.2 Interface Specification (TIS)
    Memory Mapped I/O, Locality 0
    https://www.trustedcomputinggroup.org/specs/PCClient/
Firmware – TCG compliant Conventional BIOS or EFI
  Establishes chain of trust for pre-OS boot
  Must support TCG Static Root Trust Measurement (SRTM)
  Conventional BIOS
    TCG PC Client Specification: https://www.trustedcomputinggroup.org/specs/PCClient/
  EFI
    TCG ACPI Specification
    TCG EFI Interface Specification
    TCG EFI Protocol Specification
    https://www.trustedcomputinggroup.org/specs/server
Firmware support for reading USB flash drives during boot
Disk must have at least two NTFS partitions
See Windows Server Longhorn Logo guide for details
  http://www.microsoft.com/whdc/winlogo/default.mspx


Branch Office Challenges Met

Theft of server and/or its hard drives
  OS Volume (including the pagefile and the OS) and data volumes are completely protected by BitLocker™
Re-provision or decommission of server or its hard drives
  Volume encryption keys can be destroyed via WMI provider method call. Multiple hours for reclamation turned into seconds and data is gone!
Data theft via disk cloning by maintenance and outsourcing technicians
  Volume encryption keys are not released to the thief without an authenticated boot. Disk cloning will only copy encrypted data.
Secure deployment of a fully configured machine shipped to remote location
  Image created at main office is secured with PIN. Authorized personnel at branch office call in to get PIN and unlock the image.

Data-at-rest on Branch Office Servers is protected!


Value-Add Opportunities

Solutions to lower enterprise deployment costs
  Remove manual steps to ready the TPM for BitLocker enterprise deployment
    An interactive “physical presence” assertion guards against malicious software turning on the TPM, but zero-touch deployment is possible after the TPM is on
  Factory pre-configurations that ease BitLocker setup
  Other value-add BIOS features or management tools
End-to-end enterprise solutions on clients and servers
  Help enterprises achieve regulatory compliance – e.g., Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA)
  Key management, recovery and escrow services


Call To Action

Build server platforms with BitLocker™ support
  Trusted Platform Module (TPM) v1.2
    Requires platform support of TPM 1.2 Interface Specification (TIS)
  System firmware support
    Conventional BIOS or EFI
    USB flash drive functionality at boot
      BitLocker uses USB drives as startup and recovery tokens
  Disk must have at least two NTFS partitions
    The system volume must have at least 1.5 GB for MBR, loader, boot and setup files.
Work with us to test your reference designs
  E-mail bdeinfo @ microsoft.com for more information


Additional Resources

Web resources
  BitLocker™ information
    http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx
  BitLocker™ technical papers and specs
    http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
  Windows Logo program testing
    http://www.microsoft.com/whdc/GetStart/testing.mspx
  TCG
    http://www.trustedcomputinggroup.org
Related sessions
  BitLocker™ Drive Encryption: Hardware Enhanced Data Protection (CPA064)
  Windows Vista and Windows Server Longhorn Security Platform Enhancements (CPA127)
BitLocker™ questions
  bdeinfo @ microsoft.com


Question And Answer

Thank You!
Please fill out an evaluation form


© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
