Select Page
Flow chart showcasing identities and endpoints as their authentication and compliance requests are intercepted by the Zero Trust Policy for verification before being granted access to networks and the data, apps, and infrastructure they’re composed of.

US Government sets forth Zero Trust architecture strategy and requirements

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of ... continue reading
A timeline detailing UpdateAgent's evolution between September 2020 and October 2021 and the techniques the trojan adopted with each update. The timeline is further detailed in the following section:

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was ... continue reading
Top 20 most visited blog posts for IT Pros in 2021

Top 20 most visited blog posts for IT Pros in 2021

From our first post on the 17th of September 2018, where Rick Claus introduced Microsoft's "Cloud Ops Advocate" team, we've published nearly 600 articles on this ITOps Talk blog! To end the year, we wanted to highlight some of our ... continue reading
DanielCarroll_0-1639415910955.png

Azure Virtual Desktop, ADFS SSO | The Case of the Trailing Slash

Over the last few months, I have noticed that a lot of customers have been working to configure Active Directory Federation Services (AD FS) single sign-on for Azure Virtual Desktop (AVD) to enable a more seamless login solution for their ... continue reading
Deploy Bicep files by using GitHub Actions

Deploy Bicep files by using GitHub Actions

Recently, I did a live streaming session for the New York City Microsoft Reactor in which I took concepts from the Quickstart: Deploy Bicep files by using GitHub Actions doc and put them into action. In this session I create ... continue reading
Diagram showing components of Qakbot campaigns as building blocks

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize ... continue reading
Homepage of the Vulnerable and Malicious Driver Reporting Center.

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit (HLK) compatibility tests, malware scanning, and prove their identity through extended validation (EV) ... continue reading
RussRimmerman_0-1638198579862.png

Use Azure Logic Apps to notify of pending AAD application client secrets and certificate expirations

DisclaimerThe sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability ... continue reading
Three icons representing data at rest, in transit, and in use.

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero ... continue reading

Achieving Zero Trust readiness in your apps #1: Why it matters

Hello! I’m Jeff Sakowicz, Principal Program Management Lead for Application Platform Security within the Microsoft Identity team. Our team’s goal is to foster a secure, trustworthy, and thriving app ecosystem. Part of achieving this goal is enabling apps to support ... continue reading