In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization. At Microsoft, we don’t stop finding new ... continue reading
Infographic showing the classic SIEM model: Incidents, Alert Queue, Primary Investigation, Pivot and Remediate.

CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. Our learnings in the series come primarily from Microsoft’s corporate IT security operation team, one of several ... continue reading

Virtualization-Based Security: Enabled by Default

Virtualization-based Security (VBS) uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this "virtual secure mode" (VSM) to host a number of security solutions, providing them with greatly ... continue reading
Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave

As we continue as a company to empower every person on the planet to achieve more, we keep delivering on our mission through products that achieve the highest recognition in the industry. For the last several years we’ve been working ... continue reading
Rethinking how we learn security

A couple of years ago, I wrote an article on the relative lack of investor and startup interest in addressing a crucial CISO priority—the preparedness of employees on the security team. Considering what seems to be a steady stream of ... continue reading
Enhanced Audit Status Message Queries

First published on TECHNET on Mar 18, 2019. Authored by Brandon McMillan. Hello everyone! My name is Brandon McMillan and I am a System Center Configuration Manager (ConfigMgr) PFE. I have found that Status Message Queries can be one of the more ... continue reading
Configuration Manager Current Branch Antivirus Exclusions

First published on TECHNET on May 24, 2017. Authored by Brandon McMillan. Hey everybody! My name is Brandon McMillan and I am a System Center Configuration Manager (ConfigMgr) PFE at Microsoft. ConfigMgr Current Branch has been the standard service based model since ... continue reading
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land ... continue reading
Top 5 use cases to help you make the most of your Cloud Access Security Broker

The number of apps and the flexibility for users to access them from anywhere continues to increase. This presents a challenge for IT departments in ensuring secure access and protecting the flow of critical data with a consistent set of ... continue reading

Updating Help for older versions of PowerShell

PowerShell’s Updatable Help system was introduced in PowerShell 3.0. It was designed to assure that you always have the newest help topics on your local computer so that you can read them at the command line. Help was updated with ... continue reading