
Microsoft Cloud Library

Articles about Microsoft Cloud

Latest news and technical articles related to cloud computing with Windows Server. We have carefully selected articles published by industry experts, featuring Microsoft’s engineering team.


Dynamically route alerts to the right team.


Hello folks, After a discussion with a customer where they were expressing their “displeasure” with the number of alert notifications that the IT department was receiving from environments that were not critical but still in need of monitoring. I started ... continue reading
This image displays an alert in Microsoft Defender for Identity. The title states "Suspicious Kerberos delegation attempt by a newly created computer" followed by the subtitle "Administrator on evilcomputer5 used a ticket to delegate access to ATTACKER." Below the titles displays an administrator icon on the left and an attacker icon on the right, with an arrow pointing from the admin to the attacker stating "delegated a ticket with access to". The evidence includes "resource based constrained delegation is configured on the resource with the Administrator as allowed to delegate", "evilcomputer5 was created on May 19 2022 at 8:45 PM", and "this alert is associated with the KrbRelayUp exploitation".

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn ... continue reading
Raising the Baseline Security for all Organizations in the World


Today, I am so incredibly excited to announce that we’re beginning the rollout of security defaults to existing Microsoft customers who haven’t yet rolled out security defaults or Azure AD Conditional Access. The Identity security team blocks tens of millions ... continue reading

Meta selects Azure as strategic cloud provider to advance AI innovation and deepen PyTorch collaboration

Microsoft is committed to the responsible advancement of AI to enable every person and organization to achieve more. Over the last few months, we have talked about advancements in our Azure infrastructure, Azure Cognitive Services, and Azure Machine Learning to ... continue reading

Offset for monthly maintenance window reoccurrence schedule in Configuration Manager TP 2205


Based upon your feedback, you can now offset monthly maintenance window schedules to better align deployments with the release of monthly security updates. For example, using an offset of two days after the second Tuesday of the month, sets the ... continue reading
Open Source XDP for Windows


XDP (eXpress Data Path) is a high performance, programmable network data path that is already a Linux Kernel project with a significant community (Google, Amazon, Intel, Mellanox, etc.) around it. “XDP for Windows” is our new open source XDP interface ... continue reading

Identity for All Hackathon is here! Come Innovate with us!

I am excited and energized to present to you a codefest on the Microsoft Identity Platform. The solutions for a secure, diverse, and inclusive future require different perspectives, fresh ideas, and new voices. We look forward to seeing many of ... continue reading
Operations view of Microsoft Build


To be completely honest, in the past I didn't pay attention to MSBuild it was MSIgnite that I paid attention to or attended. My background is Infrastructure, if I code it's some PowerShell but hey that can mean you are ... continue reading
Microsoft Build 2022

Code, test, and ship your next app quickly and securely with Microsoft developer tools

Welcome to Microsoft Build, the event that’s all about celebrating the developer community! The work you do has the power to transform entire industries and keep critical businesses and services running through innovative solutions and applications. I couldn’t be more ... continue reading

Scale your cloud-native apps and accelerate app modernization with Azure, the best cloud for your apps

Developers are essential to the world we live in today, and the work you do is critical to powering organizations in every industry. Every developer and development team brings new ideas and innovation. Our ambition with the Microsoft Cloud and ... continue reading

Introducing the Microsoft Intelligent Data Platform

We are moving to a world where every application needs to be intelligent and adaptive to real-time model learning. As businesses build modern data capabilities, they must make decisions at the speed of human thought. Developers are challenged by this, ... continue reading
The diagram illustrates how the attacker pushes a reflection attack to a target virtual machine that is hosted in Azure.

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in ... continue reading
Phases of risk management listed as identification, assessment, response, and monitoring and reporting.

How to improve risk management using Zero Trust architecture

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.” —Abbas Kudrati Risk management, the process of developing a strategy for addressing risk throughout its lifecycle, normally involves four phases: risk identification, assessment, ... continue reading
Attack chain diagram with icons and arrows depicting a typical web skimming attack.

Beneath the surface: Uncovering the shift in web skimming

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) ... continue reading
ConfigMgr Infrastructure Example

Semi-Automate ConfigMgr Firewall Settings

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I’m a Microsoft Senior Customer Engineer with a broad spectrum of interests. Due to recent events multiple customers have questioned their infrastructure security concept and approached me with ... continue reading
Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ... continue reading

So you want to be a CISO: What you should know about data protection

Data is the lifeblood of any organization. Whether you’re a Chief Information Security Officer (CISO) or aspiring to become one, protecting sensitive business data will be your main priority. But the job isn’t getting any easier. In 2021, the number ... continue reading
Docker Host network alternatives for Windows containers


One of the things I like to do on my spare time is browse around forums, such as Reddit, Stack Overflow, and others, to check on questions people have around Windows containers that are not showing up on comments or ... continue reading

Building API-first solutions that aid modern Zero Trust infrastructure

Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In this Voice of the ISV blog post, Jeremy Goldstein, Product Marketing Manager, and David Baldwin, Director of Product Management at SentinelOne, explain how Singularity ... continue reading
Web client diagram utilizing Datawiza and Microsoft Azure Active Directory.

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management ... continue reading
Bar chart illustrating the distribution of cryware family detections from January to December 2021.

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, ... continue reading

Azure Monitor: Expanding the Out-of-the-Box observability for your IT infrastructure

Hello ladies and gentlemen, How many times have you found yourself in the need of monitoring a custom KPI? How many times did you need to react to a situation in which a given number of records in a database ... continue reading

Microsoft session highlights from SAP Sapphire 2022

It has been three years since SAP Sapphire last occurred in person, and I was thrilled to meet with our customers and partners again this week. As SAP Sapphire comes to a close, I am taking a moment to reflect ... continue reading

Performance of Azure Shared Disk with Zone Redundant Storage (ZRS)

On September 9th, 2021, Microsoft announced the general availability of Zone-Redundant Storage (ZRS) for Azure Disk Storage, including Azure Shared Disk. What makes this interesting is that you can now build shared storage based failover cluster instances that span Availability ... continue reading
Azure Terrafy – Import your existing Azure infrastructure into Terraform HCL


When working with Infrastructure as Code (IaC) it’s difficult to know sometimes where to start. You have a couple of options, go to the Terraform on Azure documentation, then figure out how to write some Terraform templates. Or you can ... continue reading
A histogram that presents the number of attacks observed from January 2019 to April 2021, to show prevalence. This chart is originally from the MITRE Sightings Ecosystem project.

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could ... continue reading
New: Require reauthentication for Intune enrollment or risk


Good afternoon! Explicitly verifying identity and devices is a top priority for organizations adopting Zero Trust. For some critical operations, it’s important to be able to re-prompt the user to ensure no one is “borrowing” their device or has stolen ... continue reading

Microsoft security experts outline next steps after compromise recovery

The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach ... continue reading