Troubleshooting HTTP/3 in http.sys
HTTP/3 is a major change to HTTP. It switches away from using TCP as a transport and TLS separately to using QUIC as a transport which has TLS 1.3 or higher built in. These changes mean that migrating from HTTP/2 ... continue reading

Meet PCI compliance with credit card tokenization
In building and running a business, the safety and security of your and your customers' sensitive information and data is a top priority, especially when storing financial information and processing payments are concerned. The Payment Card Industry Data Security Standard ... continue reading

Observability from cloud to edge in Azure
This post is co-authored by Rahul Bagaria, Principal Product Manager, Azure Monitor Customer Success Our customers are transforming their digital environments, whether migrating workloads to Azure, building new cloud-native apps, or unlocking new scenarios at the edge. As they combine ... continue reading
What you need to know about how cryptography impacts your security strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla ... continue reading
NDES Security Best Practices
Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading

What’s new with SQL Server Big Data Clusters—CU13 Release
SQL Server Big Data Clusters (BDC) is a capability brought to market as part of the SQL Server 2019 release. Big Data Clusters extends SQL Server's analytical capabilities beyond in-database processing of transactional and analytical workloads by uniting the SQL ... continue reading
New Features of Windows Server 2022 Failover Clustering
Greetings again Windows Server and Failover Cluster fans!! John Marlin here and I own the Failover Clustering feature within the Microsoft product team. In this blog, I will be giving an overview of the new features in Windows Server 2022 ... continue reading
Windows Server 2022 is full of new file services!
Heya folks, Ned here again. As you’ve heard by now, Windows Server 2022 is available and supported for production deployments. This new OS brings many new features around security, storage, networking, web, containers, applications, virtualization, edge, and Azure hybrid. Today ... continue reading
Configure SMB Signing with Confidence
Heya folks, Ned here again. Many years ago, we made configuring SMB signing in Windows pretty complicated. Then, years later, we made it even more complicated in an attempt to be less complicated. Today I'm here to explain the SMB ... continue reading

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading