Select Page
Three icons representing data at rest, in transit, and in use.

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero ... continue reading

Achieving Zero Trust readiness in your apps #1: Why it matters

Hello! I’m Jeff Sakowicz, Principal Program Management Lead for Application Platform Security within the Microsoft Identity team. Our team’s goal is to foster a secure, trustworthy, and thriving app ecosystem. Part of achieving this goal is enabling apps to support ... continue reading
First-party engineering systems for hardware and software, Firmware and driver security, physical security, manufacturing security, logistics security, supplier security, trust chain governance and resilience, security validations and assurances, and monitoring and detections.

Learn how Microsoft strengthens IoT and OT security with Zero Trust

As cyber threats grow more sophisticated and relentless, the need for Cybersecurity Awareness Month becomes more urgent every year. As part of our year-round commitment to security for all, Microsoft continues to track numerous incidents targeting both digital and physical ... continue reading
Untitled Project (Time 0_02_56;06).png

SMB over QUIC is GA and we have lots of news!

Heya folks, Ned here again. As you might have heard now in all the MS Ignite hullabaloo, Windows Server 2022 Datacenter: Azure Edition is now generally available and that means that SMB over QUIC is now generally available too! I ... continue reading
Making DoH Discoverable: Introducing DDR

Making DoH Discoverable: Introducing DDR

Credit and thanks to Alexandru Jercaianu for implementation work DNS over HTTPS (DoH) in the DNS client exited preview and became a supported feature with the Windows Server 2022 and Windows 11 releases. Unlike plain-text DNS, DoH requires a template ... continue reading
DagmarHeidecker_0-1633936309439.png

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading
Customized property permission = ExtendedRights in ActiveDirectoryRights

Understanding Get-ACL and AD Drive Output

Understanding Active Directory ACL using PowerShell can be a bit tricky. There are no out-of-the-box cmdlets with ActiveDirectory PowerShell module to help in settings the permission quickly. While there are no cmdlets, you can nevertheless manage AD permissions using the ... continue reading
Diagram showing structure of Microsoft.IdentityServer.ServiceHost.exe after loading version.dll

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect ... continue reading
Table showing differences between phishing kits and phishing-as-a-service

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the ... continue reading
Graphic illustrates the steps, goals, and initial questions in DART’s ransomware investigation assistance.

A guide to combatting human-operated ransomware: Part 1

This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page ... continue reading