Infographic showing the classic SIEM model: Incidents, Alert Queue, Primary Investigation, Pivot and Remediate.

CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. Our learnings in the series come primarily from Microsoft’s corporate IT security operation team, one of several ... continue reading

Top 10 Networking Features in Windows Server 2019: #10 Accurate Network Time

First published on TECHNET on Jul 18, 2018. This blog is part of a series for the Top 10 Networking Features in Windows Server 2019! Due to the move of blog locations, if you find a broken link, please check https://aka.ms/W32Time ... continue reading

AAD Dynamic Groups, Controlled MFA Registration, Intune + Admin Templates and AIP Log Analytics

Hi folks – this morning, I’m taking a little side-trip away from my series about the modern Microsoft productivity platform for a brief review of a handful of new or lesser-known gems. I’m going to touch on four capabilities, all ... continue reading

Failed Login Report Using Log Analytics and Logic Apps

My name is Brad Watts and I’m a SCOM PFE. I wanted to take a little bit of time to demonstrate how you can use Azure Log Analytics along with Azure Logic Apps to email out reports on important information ... continue reading

Step-By-Step: Implementing Azure AD Password Protection On-Premises

I travel a lot in Italy, and many times I see multiple customers that are asking for the same requests. One request is the possibility to block some specific passwords in Active Directory. Unfortunately too many users have BAD habits ... continue reading

Windows Server 2016: WUSA Event ID 3: “The referenced assembly could not be found”

First published on TECHNET on Apr 17, 2019. Hi, this is Michael Koeppl from the Support for Mission Critical team again. This time I wanted to walk you through a recent troubleshooting scenario I had at my customer. 14 out of 2150 ... continue reading

Let me Count the Ways: Determining Why the System Process Consumes 100% of a Single CPU Core

NOTE: This blog is going through a specific issue in order to help show the steps involved in troubleshooting this type of issue. The process name(s) referenced in this content, except for System, can be any process, and not just ... continue reading

Step by Step: Creating a JEA endpoint for DNS management

First published on TECHNET on Mar 07, 2017 Just Enough Administration (JEA) provides a way for administrators to delegate certain admin tasks to non-administrators using PowerShell. Unlike some of the other built-in delegation solutions in Windows, JEA is not tied ... continue reading

Overview of Device Guard in Windows Server 2016

First published on TECHNET on Sep 20, 2016 With thousands of new malware released every day, it may not be sufficient to only use signature-based detection to fight against malware. Device Guard on Windows Server 2016 changes from a mode ... continue reading

Step by Step: Shielding existing VMs without VMM

First published on TECHNET on Sep 01, 2016 Continuing on the topic of Shielded VMs from my last blog on creating shielded VMs, this blogpost will share my learnings from validating the scenario. This blogpost doesn't dive deep in terminologies ... continue reading