Select Page
Diagram of the high-level Solorigate attack chain

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact ... continue reading
EJansen_0-1608667230286.png

The Mysterious Case of the Self-Moving FSMO Roles

Hello all! This is Chris Cartwright from Directory Services. I had a coworker, Eric Jansen, reach out to me from the field and ask about an incident on site he was looking into a scenario where "the PDCE (Primary Domain ... continue reading
Advice for incident responders on recovery from systemic identity compromises

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the ... continue reading
EA.gif

MEM – Endpoint Analytics Setup Operation and Troubleshooting

Hi IT Pros, Microsoft has just released Endpoint Manager – Endpoint Analytics. It is a cool feature, addressing service desk long time need to monitor and identify the devices which have delay sign-in time and performance issue even before Users ... continue reading
Orgs with ZeroLogon exploitation attempts by red teams and real attackers starting September 13, 2020

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to ... continue reading
f1.png

Are Your IaaS Domain Controllers Secured in Azure?

Hi Everyone, Zoheb here again with my colleague Tim Beasley. Today, we will be sharing some best practices to help ensure that your VMs (virtual machines) (including Domain Controllers) are secure in your Azure/Cloud environment. I would like to start ... continue reading
RS2.gif

Demystifying Ransomware Attacks Against Microsoft Defender Solution

Hi IT Pros, As you have known it, Ransomware is in aggravated assault mode at this time of year 2020, the joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and ... continue reading
image1.png

HOW TO: Create a Windows Server 2019 NAS / FileServer from the command line

My old Synology NAS for home use had started to show signs of wear and was in need of replacement. It had plenty of disk space and performed well enough - but the version I had lacked any real power ... continue reading
MDfIst.gif

Microsoft Defender for Identity – Azure ATP Deployment and Troubleshooting

Hi IT Pros, Recently, I searched the internet and could not find the document for Microsoft Defender for Identity (Azure ATP) Setup and Troubleshooting. So, I prepared this document for our convenient reference and deployment in the future. Please check ... continue reading
MDfI3.gif

Microsoft Defender for Identity – Azure ATP Daily Operation

Hi IT Pros, I would like to continue the blog about Microsoft Defender for Identity with topic related to the daily operation of SecOp Team who traces all attacks against Identities stored in your on-prem Active Directory domain controllers. Please ... continue reading