
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China ... continue reading
How to deploy gMSA on AKS with Terraform
The other day I posted a blog on how to deploy an AKS cluster that is ready for Windows workloads using Terraform. Today, I wanted to expand that to include gMSA, which is a highly requested feature from Windows customers ... continue reading
Reporting on Azure AD Password Protection
Hi everyone! It's been a long time, but Graeme Bray here with you to talk about an Azure Monitor workbook you can deploy in your environment to help you report on your Azure AD Password Protection. You are running AAD ... continue reading

MERCURY and DEV-1084: Destructive attack on hybrid environment
Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading
Check This Out! (CTO!) Guide (March 2023)
Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are ... continue reading
Modernizing Endpoints – Installing CM Client on AADJ Device
Introduction: In this blog we will discuss a specific use case that I came across while working with a Community College. The college wanted to simplify their Windows provisioning. They had a lot of apps built in their ConfigMgr environment ... continue reading

Connect, secure, and simplify your network resources with Azure Virtual Network Manager
Enterprise-scale management and configuration of your network resources in Azure are key to keeping costs down, reducing operational overhead, and properly connecting and securing your network presence in the cloud. We are happy to announce Azure Virtual Network Manager (AVNM), your ... continue reading
How to Manage Microsoft Defender Policies with Intune on Non-Managed Devices
Architecture and Capabilities: From the endpoint security management architecture perspective, this scenario fulfills the gap of managing endpoint security features on unmanaged devices. For Intune managed devices, either cloud-only or co-management scenarios provided the endpoint security management capabilities. Also, ... continue reading

2023 identity security trends and solutions from Microsoft
Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we ... continue reading
How to Manage Microsoft Defender on Windows Server via Intune
As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading