Infographic showing the classic SIEM model: Incidents, Alert Queue, Primary Investigation, Pivot and Remediate.

CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. Our learnings in the series come primarily from Microsoft’s corporate IT security operation team, one of several ... continue reading
Top 10 Networking Features in Windows Server 2019: #10 Accurate Network Time

First published on TECHNET on Jul 18, 2018 This blog is part of a series for the Top 10 Networking Features in Windows Server 2019! -- Due to the move of blog locations, if you find a broken link, please check https://aka.ms/W32Time ... continue reading
AAD Dynamic Groups, Controlled MFA Registration, Intune + Admin Templates and AIP Log Analytics

Hi folks – this morning, I’m taking a little side-trip away from my series about the modern Microsoft productivity platform for a brief review of a handful of new or lesser-known gems. I’m going to touch on four capabilities, all ... continue reading

Decoding Bugcheck 0x0000009E

First published on MSDN on Nov 13, 2013 In the System event log you may find an event similar to the following: Event ID: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009e (0x0000000000000000, ... continue reading
Failed Login Report Using Log Analytics and Logic Apps

My name is Brad Watts and I’m a SCOM PFE. I wanted to take a little bit of time to demonstrate how you can use Azure Log Analytics along with Azure Logic Apps to email out reports on important information ... continue reading
Step-By-Step: Implementing Azure AD Password Protection On-Premises

I travel a lot in Italy, and many times I see multiple customers that are asking for the same requests. One request is the possibility to block some specific passwords in Active Directory. Unfortunately too many users have BAD habits ... continue reading
Windows Server 2016: WUSA Event ID 3: "The referenced assembly could not be found"

First published on TECHNET on Apr 17, 2019 Hi, this is Michael Koeppl from the Support for Mission Critical team again. This time I wanted to walk you through a recent troubleshooting scenario I had at my customer. 14 out of 2150 ... continue reading

Understanding how Failover Clustering Recovers from Unresponsive Resources

First published on MSDN on Jan 24, 2013 In this blog I will discuss how Failover Clustering communicates with cluster resources, along with how clustering detects and recovers when something goes wrong. For the sake of simplicity I will use ... continue reading
Let me Count the Ways: Determining Why the System Process Consumes 100% of a Single CPU Core

NOTE: This blog is going through a specific issue in order to help show the steps involved in troubleshooting this type of issue. The process name(s) referenced in this content, except for System, can be any process, and not just ... continue reading

Step by Step: Creating a JEA endpoint for DNS management

First published on TECHNET on Mar 07, 2017 Just Enough Administration (JEA) provides a way for administrators to delegate certain admin tasks to non-administrators using PowerShell. Unlike some of the other built-in delegation solutions in Windows, JEA is not tied ... continue reading