
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China ... continue reading

How to deploy gMSA on AKS with Terraform

The other day I posted a blog on how to deploy an AKS cluster that is ready for Windows workloads using Terraform. Today, I wanted to expand that to include gMSA, which is a highly requested feature from Windows customers ... continue reading

Reporting on Azure AD Password Protection

Hi everyone! It's been a long time, but Graeme Bray here with you to talk about an Azure Monitor workbook you can deploy in your environment to help you report on your Azure AD Password Protection. You are running AAD ... continue reading
Attack flow of the threat actor through initial access, execution, discovery, persistence, credential access, lateral movement, execution, impact, and communications stages.

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading

Check This Out! (CTO!) Guide (March 2023)

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are ... continue reading

Modernizing Endpoints – Installing CM Client on AADJ Device

Introduction: In this blog we will discuss a specific use case that I came across while working with a Community College. The college wanted to simplify their Windows provisioning. They had a lot of apps built in their ConfigMgr environment ... continue reading
Diagram showing the order of evaluation for network traffic with security admin rules and network security group rules.

Connect, secure, and simplify your network resources with Azure Virtual Network Manager

Enterprise-scale management and configuration of your network resources in Azure are key to keeping costs down, reducing operational overhead, and properly connecting and securing your network presence in the cloud. We are happy to announce Azure Virtual Network Manager (AVNM), your ... continue reading
Unified Endpoint Security Management Experience Architecture

How to Manage Microsoft Defender Policies with Intune on Non-Managed Devices

Architecture and Capabilities: From the endpoint security management architecture perspective, this scenario fulfills the gap of managing endpoint security features on unmanaged devices. For Intune managed devices, either cloud-only or co-management scenarios provided the endpoint security management capabilities. Also, ... continue reading
Graphic detailing three different waves of identity attacks. First is password attacks, which consist of breach replay, password spray, and phishing. Next is multifactor authentication attacks, which includes SIM-jacking, multifactor authentication fatigue, adversary in the middle. Third is post-authentication attacks, including token theft and consent phishing.

2023 identity security trends and solutions from Microsoft

Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we ... continue reading
Snippet from Group Policy Object, Microsoft Defender Antivirus Policies

How to Manage Microsoft Defender on Windows Server via Intune

As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading