
Microsoft achieves first native Cloud Data Management Capabilities certification
Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part ... continue reading

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent ... continue reading

New research, tooling, and partnerships for more secure AI and machine learning
Today we’re on the verge of a monumental shift in the technology landscape that will forever change the security community. AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, ... continue reading
SEC cyber risk management rule—a security and compliance opportunity
In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a ... continue reading

Microsoft shifts to a comprehensive SaaS security solution
Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging ... continue reading
4 things to look for in a multicloud data protection solution
What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and ... continue reading

IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector ... continue reading

DEV-0139 launches targeted attacks against the cryptocurrency industry
Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also ... continue reading
Quick Reference: Understanding Azure Reservations vs Savings Plans
Hi everyone! Brandon Wilson (Cloud Solution Architect/Engineer) here today to discuss some of the higher-level points of Azure Savings Plans, a new offering to help customers save, and Azure reservations (ie; reserved instances). This post isn’t intended to be ... continue reading

Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ... continue reading