
How Do I Discover Changes to an AD Group’s Membership

Q: Is there an easy way to detect changes to the membership of important AD groups? A: Easy, using PowerShell 7, WMI, and the CIM cmdlets. WMI: Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading
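The approach the teaser names (PowerShell 7, WMI and the CIM cmdlets) can be shown with a WMI intrinsic event subscription on the directory provider. The block below is an added example and not the code from the post: it assumes a domain-joined host with PowerShell 7 where the running account can read the directory, uses the placeholder group name `Enterprise Admins`, and polls every 10 seconds (the `WITHIN` clause) because the LDAP provider does not raise events on its own.

```powershell
# Added example (not the original post's code): watch one AD group for
# membership changes with a CIM indication event on root/directory/LDAP.
# Assumptions: domain-joined Windows host, PowerShell 7, rights to read AD.
# The LDAP provider exposes AD attributes as DS_-prefixed properties on the
# ds_group class (DS_name, DS_member); $GroupName is a placeholder.
$GroupName = 'Enterprise Admins'

# WITHIN 10 = poll the provider every 10 s for modified ds_group instances.
$query = @"
SELECT * FROM __InstanceModificationEvent WITHIN 10
WHERE TargetInstance ISA 'ds_group'
  AND TargetInstance.DS_name = '$GroupName'
"@

Register-CimIndicationEvent -Namespace 'root/directory/LDAP' -Query $query `
    -SourceIdentifier 'ADGroupChange' -Action {
    # __InstanceModificationEvent carries both the new and the previous copy
    # of the object, so the member delta is a simple set difference.
    $evt = $Event.SourceEventArgs.NewEvent
    $new = @($evt.TargetInstance.DS_member)
    $old = @($evt.PreviousInstance.DS_member)

    $added   = $new | Where-Object { $_ -notin $old }
    $removed = $old | Where-Object { $_ -notin $new }

    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    foreach ($m in $added)   { Write-Host "$stamp ADDED   to $($evt.TargetInstance.DS_name): $m" }
    foreach ($m in $removed) { Write-Host "$stamp REMOVED from $($evt.TargetInstance.DS_name): $m" }
}

# The subscription stays active in this session; leave it running, then:
#   Unregister-Event -SourceIdentifier 'ADGroupChange'
# to stop watching (Get-Event shows queued events if no -Action is used).
```

The `-Action` block runs in the background for every matching modification event; members that appear only in `TargetInstance` were added, members that appear only in `PreviousInstance` were removed. Because the provider is polled, two changes inside one interval show up as a single event with the combined delta, which is fine for alerting but not a substitute for audit logging (event ID 4728/4732/4756-style security events) on the domain controllers.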

Windows 10 Controlled Folder Access Event Search

Dear IT Pros, ransomware works by accessing files and folders and encrypting them. To respond to it, we need to enable the Windows Defender feature named “Controlled Folder Access” (WDCFA) and monitor the Windows Defender Guard events in ... continue reading
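As an added example of the event search the teaser refers to (this is not the post's own script), the block below pulls Controlled Folder Access events from the Defender operational log on the local machine. It assumes Defender is the active antimalware engine, that the session can read the log (usually an elevated prompt), and that event IDs 1123 (CFA blocked an application) and 1124 (CFA audit-mode detection) are the ones of interest; field names inside the event payload are not assumed, the script emits whatever the event carries.

```powershell
# Added example (not the original post's code): list Controlled Folder Access
# block/audit events from the last 7 days and flatten their EventData.
# Assumptions: local Microsoft Defender, rights to read the operational log.
# 1123 = CFA blocked a process from writing to a protected folder
# 1124 = CFA would have blocked (audit mode)
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}

function Get-CfaEvent {
    param([hashtable]$Filter = $filter)

    # -ErrorAction SilentlyContinue: Get-WinEvent throws when nothing matches.
    Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The rendered message varies by build; the XML payload does not.
            $xml  = [xml]$_.ToXml()
            $data = [ordered]@{
                TimeCreated = $_.TimeCreated
                Id          = $_.Id
                Mode        = if ($_.Id -eq 1123) { 'Block' } else { 'Audit' }
            }
            foreach ($d in $xml.Event.EventData.Data) {
                # Each <Data Name="..."> element becomes one property.
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]$data
        }
}

# Usage: newest first, as a table; pipe to Export-Csv to keep a record.
Get-CfaEvent | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

Run it in audit mode first for a week or two: the 1124 events show which legitimate applications (backup agents, installers, scripts writing to Documents) would be blocked, so they can be allow-listed before switching CFA to block mode. Event ID 5007 in the same log records changes to Defender settings, which is worth watching separately, since an attacker who can disable CFA will do so before encrypting.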
Using the Serial Console on Windows IaaS VMs

If you make a mistake when configuring operating system firewall rules that block you from accessing the VM, or a service is stopping an IaaS VM from booting, or some other configuration problem such as a newly installed application is ... continue reading

Exploring Anomalies with Log Analytics using KQL

Detecting anomalies in your data can be a very powerful and desired functionality. Within Azure Monitor we provide a really easy method to alert on Anomalies if they are coming from Metrics (Creating Alerts with Dynamic Thresholds in Azure Monitor ... continue reading
HAFNIUM targeting Exchange Servers with 0-day exploits

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to ... continue reading

Enable Application Setups to Change File Type Associations

Tested with Windows 10 1609 up to 20H2 Hey community, this is Helmut Wagensonner, a Customer Engineer for Windows Client platform. Today I show you a way to make file type associations more enterprise ready. I heard many of my ... continue reading

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, ... continue reading

Secrets from the Deep – The DNS Analytical Log – Part 4

Hi Team, it's Eric Jansen again, here today to continue where we left off in Part 3 of the series. In the last episode, we discussed how to parse the DNS Analytical Log using a sample scenario where I've deployed ... continue reading

Microsoft Defender for Identity – Azure ATP Deployment and Troubleshooting

Hi IT Pros, Recently, I searched the internet and could not find the document for Microsoft Defender for Identity (Azure ATP) Setup and Troubleshooting. So, I prepared this document for our convenient reference and deployment in the future. Please check ... continue reading
Image of the shared responsibility model showing customer, service, and cloud responsibilities

Best practices for defending Azure Virtual Machines

One of the things that our Detection and Response Team (DART) and Customer Service and Support (CSS) security teams see frequently during investigation of customer incidents is attacks on virtual machines from the internet. This is one area in the ... continue reading