SMB over QUIC is GA and we have lots of news!

Heya folks, Ned here again. As you might have heard now in all the MS Ignite hullabaloo, Windows Server 2022 Datacenter: Azure Edition is now generally available and that means that SMB over QUIC is now generally available too! I ... continue reading

Making DoH Discoverable: Introducing DDR

Credit and thanks to Alexandru Jercaianu for implementation work. DNS over HTTPS (DoH) in the DNS client exited preview and became a supported feature with the Windows Server 2022 and Windows 11 releases. Unlike plain-text DNS, DoH requires a template ... continue reading

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading

Understanding Get-ACL and AD Drive Output

Understanding Active Directory ACL using PowerShell can be a bit tricky. There are no out-of-the-box cmdlets with the ActiveDirectory PowerShell module to help in setting the permission quickly. While there are no cmdlets, you can nevertheless manage AD permissions using the ... continue reading

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect ... continue reading

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the ... continue reading

A guide to combatting human-operated ransomware: Part 1

This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page ... continue reading

Boost your network security with new updates to Azure Firewall

This post was co-authored by Eliran Azulai, Principal Program Manager, Azure Networking. Today, we are announcing new Azure Firewall capabilities as well as updates for August 2021. Azure Firewall supports US West 3, Jio India West, and Brazil Southeast. Auto-generated ... continue reading

Windows Server 2022 is full of new file services!

Heya folks, Ned here again. As you’ve heard by now, Windows Server 2022 is available and supported for production deployments. This new OS brings many new features around security, storage, networking, web, containers, applications, virtualization, edge, and Azure hybrid. Today ... continue reading

Introduction to Secured-core computing

Security is a broad topic that has components across all layers of the technology stack. Lately I’ve been investigating the concept of Secured-core computing, available with hardware from OEM providers running Windows 10 and now also Windows Server 2022 (preview) ... continue reading