How To Automate The Hybrid World Part Two Of Two
Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I’m a Microsoft Senior Cloud Solution Architect – Engineering (or short Sr. CSA-E) and in this article I want to talk about how to automate the hybrid world. Over ... continue reading
SMB insecure guest auth now off by default in Windows Insider Pro editions
Heya folks, Ned here again. Starting in Windows 11 Insider Preview Build 25276, the Pro editions of Windows now disable SMB insecure guest authentication fallbacks by default. Guest logons don't require passwords & don't support standard security features like signing and encryption. Allowing ... continue reading

IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector ... continue reading

Defenders beware: A case for post-ransomware investigations
Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase ... continue reading
How to troubleshoot applications on Windows Containers with the Log Monitor tool
In my previous blog post, I showed how to manually troubleshoot Windows Containers by opening an interactive session to a container, running a PowerShell session, and using the Get-WinEvent cmdlet to view the application logs on the container instance. While ... continue reading
How to manually troubleshoot applications on Windows containers
Developers are more and more creating applications on containers, and guess what? It’s still up to us – ITPros – to troubleshoot anything that happens in production. Containers are not VMs, so where to even start, you might ask. We’ll ... continue reading

Azure Monitor: Audit your Azure and non-Azure SQL Server
Hi everyone, time passed since my last post. Hope you missed me. Today I am going to cover an interesting aspect on how to capture security audit events from both Azure and non-Azure SQL Server machines. Most of you probably ... continue reading
Forward On-Premises Windows Security Event Logs to Microsoft Sentinel
Hello, it has been a while since Raven and I have blogged on security. My little buddy Raven (miniature Schnauzer) has been dealing with genetic back problems that have made it difficult to run or jump, so her days of ... continue reading
SQL Server 2019 PolyBase feature High Availability
One of the most exciting aspects of SQL Server 2019 is the enhanced capabilities around the PolyBase feature that enables access to non-SQL Server external data sources through a process referred to as virtualization. The data remains at the external ... continue reading

New Microsoft Sysmon report in VirusTotal improves security
Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you ... continue reading