Select Page
Branch office HGS configuration diagram

Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security. To increase employee productivity, it may make sense to deploy replicas of certain applications like Active Directory Domain Controllers or file servers in a branch ... continue reading

Azure Automation DSC Pricing Flexibility

Today we would like to share a new flexible pricing strategy for managing server nodes using Azure Automation to deliver PowerShell Desired State Configuration, giving you greater control over costs of managing on-premises nodes. As you might already know, Azure ... continue reading
Demystifying Schannel

Demystifying Schannel

Hello all! Nathan Penn here to help with some of those pesky security questions that have lingered for years. Recently I have been fielding several questions on “How do I make sure that I am only using the TLS 1.2 ... continue reading

How to create a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, ... continue reading
Protecting Domain Administrative Credentials

Protecting Domain Administrative Credentials

Hello, Paul Bergson back again with today’s topic of preventing your Domain Administrators and other privileged identities from logging into Tier 1 and Tier 2 devices. Credential theft protection is always an important step in protecting the enterprise. While your ... continue reading

System Center 2016 now supports TLS1.2 security protocols

TLS 1.2 is the secure way of communication suggested by Microsoft with best-in class encryption. SSL and early TLS are not considered strong cryptography and cannot be used as a security control. Microsoft has added official support for TLS1.2 security ... continue reading
New Storage Management, Optimization, and Security Features in DPM 2016 UR4

New Storage Management, Optimization, and Security Features in DPM 2016 UR4

System Center 2016 Data Protection Manager can backup key workloads such as SQL, SharePoint, Exchange, file servers, clients and VMs running on Hyper-V or VMware. With Modern Backup Storage and RCT based Hyper-V VM backups, DPM 2016 goes a step ... continue reading
Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety ... continue reading
Stopping ransomware where it counts: Protecting your data with Controlled folder access

Stopping ransomware where it counts: Protecting your data with Controlled folder access

Windows Defender Exploit Guard is a new set of host intrusion prevention capabilities included with Windows 10 Fall Creators Update. One of its features, Controlled folder access, stops ransomware in its tracks by preventing unauthorized access to your important files ... continue reading

Frequently Asked Questions About HGS Certificates

The Host Guardian Service uses public key cryptography extensively to protect shielded VMs from attackers. Any time certificates with public-private key pairs come into play, there are bound to be many questions about how to properly set up and protect ... continue reading