As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult ... continue reading

The purpose of this post is to show how you can collect and query security events of interest from Windows servers. To do this we will use: Azure Security Center to collect events Log Analytics Workspace to store events Kusto ... continue reading

Doctor Scripto returns again with our good friend Joel Vickery, PFE who is going to touch on the use of Workflows In PowerShell. Take it away Joel! Following up on my original post Parallel Processing with jobs in PowerShell, I ... continue reading

Over the last couple of years, we havesharedwhy it is business critical to migrate and upgrade apps and services running on Windows Server 2008 and 2008 R2. As you are aware, on January 14th, 2020, support for Windows Server 2008 ... continue reading

Introduction The document outlines the steps required to install SCCM CB 1902 with SQL 2017 using PowerShell. These steps can be used on a disconnected network. The scripts included in this document can also be added to MDT to automate ... continue reading

Disaster can hit at any time. When thinking about disaster and recovery, I think of 3 things Be prepared Plan on not involving humans Automatic, not automated Having a good strategy is a must. You want to be able to ... continue reading

Hello Everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with Microsoft Mission Critical team (SMC). I’ll share with you something interesting that I came across recently where one of our Enterprise customers had multiple clients where ... continue reading

You are going to create a SQL Server Failover Cluster Instance in Part 4 of our series on how to build a SQL Cluster Lab. The FCI will only be installed on Node1 and Node2. FCIs require shared storage so ... continue reading

Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, ... continue reading

Hi All, Alan here again, this time trying to give some details on these two settings that will become active from January 2020 and they are creating some misunderstandings. Let’s start saying that since Windows Server 2008 we have events ... continue reading