Screen grab of the Tarrask malware creating new registry keys and new scheduled tasks in Registry Editor.

Tarrask malware uses scheduled tasks for defense evasion

As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Center (MSTIC) ... continue reading
Troubleshooting Windows containers apps on Azure Kubernetes Service

Alright, it’s time to bring together everything we learned so far in this series. Previously, we looked at the simplest way to collect logs, how to use the Log Monitor tool, and how to make things simpler with Windows Admin ... continue reading
Step-by-step: Creating a new test environment for gMSA on AKS

Microsoft recently announced a new feature that will help customers move existing applications to Azure Kubernetes Service (AKS) – Group Managed Service Accounts (gMSA). In a nutshell, gMSA allows applications that are Active Directory (AD) dependent to be containerized. By ... continue reading
Deep dive: How Azure AD Kerberos works

If you have ever explored the differences between Active Directory (AD DS) and Azure Active Directory (Azure AD), you would have found that Azure Active Directory doesn't support the Kerberos authentication protocol, but Active Directory does. Kerberos is used to ... continue reading
Windows 10 or Windows 11 GPO ADMX – Which one to use for your central store?

Hi community, my name is Helmut Wagensonner. I’m a Customer Engineer at Microsoft and this blog should help you to understand which Administrative Templates (admx) to choose for your Windows 11 / Windows 10 mixed environment. Remember how it was ... continue reading
Top 20 most visited blog posts for IT Pros in 2021

From our first post on the 17th of September 2018, where Rick Claus introduced Microsoft's "Cloud Ops Advocate" team, we've published nearly 600 articles on this ITOps Talk blog! To end the year, we wanted to highlight some of our ... continue reading
Step-by-Step Guide: Active Directory Migration from Windows Server 2008 R2 to Windows Server 2022

The Windows Server 2008 and Windows Server 2008 R2 operating systems reached the end of their support cycle on the 14th of January 2020. Because of this, many organizations wanted to migrate away from these legacy operating systems. End-of-life operating systems ... continue reading
Step-by-Step Guide: How to Configure Microsoft Local Administrator Password Solution (LAPS)

In a business, when setting up new servers or computers, most of the time administrators are using one common password for the local administrator account. This account is usually used as a backdoor by administrators for software installation/uninstallation, to log ... continue reading
Graphic outlines DART’s containment steps, which cover assessing the scope of the situation and preserving existing systems.

A guide to combatting human-operated ransomware: Part 2

This blog is part two of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page ... continue reading
Graphic illustrates the steps, goals, and initial questions in DART’s ransomware investigation assistance.

A guide to combatting human-operated ransomware: Part 1

This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page ... continue reading