How to Manage Microsoft Defender Policies with Intune on Non-Managed Devices
Architecture and Capabilities: From the endpoint security management architecture perspective, this scenario fulfills the gap of managing endpoint security features on unmanaged devices. For Intune managed devices, either cloud-only or co-management scenarios provided the endpoint security management capabilities. Also, ... continue reading

2023 identity security trends and solutions from Microsoft
Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we ... continue reading
How to Manage Microsoft Defender on Windows Server via Intune
As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading
Check This Out! (CTO!) Guide (December 2022)
Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are ... continue reading
Windows 10 or Windows 11 GPO ADMX – An Update
Hi community, I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In a former blog (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-which-one-to-use-for-your/ba-p/3063322), where I did a comparison between Windows 10 and Windows 11 ADMX files, I promised in my comments to do ... continue reading
End user passwordless utopia
With all the different technologies available in Azure and Azure Active Directory (Azure AD), it’s easy to miss the bigger picture and how they all play into the end user experience. This includes: Azure AD Multifactor authentication (MFA) Passwordless authentication ... continue reading
How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?
Q: How can I determine if objects in my AD environment are impacted by the November 8th 2022 patch? A: Use a couple of queries I wrote specifically for that purpose. November 8th, 2022 brought us a patch ... continue reading

How to prevent lateral movement attacks using Microsoft 365 Defender
It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools ... continue reading

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, ... continue reading

Defenders beware: A case for post-ransomware investigations
Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase ... continue reading