Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things
The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things (IoT) devices are not sufficiently secure to protect against many of today’s common cybersecurity threats. The strategy also cautions that many of these IoT devices ... continue reading
The care and feeding of Azure Arc for Servers
Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading
Bitlocker is not resuming after reboot count has been reached
Hi, I'm Helmut Wagensonner, a Cloud Solution Architect Engineer at Microsoft. Recently, I ran into an unexpected BitLocker behavior at a customer. It turned out that this behavior is on purpose, so I thought I'd let you know about ... continue reading

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run ... continue reading
Check This Out! (CTO!) Guide (March 2023)
Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are ... continue reading
Change Configuration Manager Site Server OS – In-place Upgrade Reference
Hello! My name is Herbert Fuchs, and together with other members of the Customer Success Unit and the Customer Service & Support Organization we want to help our customers with this blog series. We gathered information and put our field ... continue reading
Modernizing Endpoint Management – Encryption – Part 1
Introduction: We understand the benefits of modernizing endpoint management using Microsoft Endpoint Manager (MEM) for both physical and virtual endpoints (W365). We see organizations of different types & sizes are in different phases in their cloud journey. There are businesses ... continue reading

Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ... continue reading
Modernizing Endpoint Management – Encryption – Part 2
Introduction: In part 1, we saw how to use the MEM portal to view and recover BitLocker recovery keys for ConfigMgr clients that are tenant attached. In part 2 of this blog, we will see how to migrate BitLocker keys to ... continue reading