Select Page
EDM Council CDMC Cloud Certified certification badge.

Microsoft achieves first native Cloud Data Management Capabilities certification

Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part ... continue reading
Computer with non-disclosure agreement with Microsoft Sensitivity label function.

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent ... continue reading
Diagram comparing traditional programming and the AI paradigm

New research, tooling, and partnerships for more secure AI and machine learning

Today we’re on the verge of a monumental shift in the technology landscape that will forever change the security community. AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, ... continue reading

SEC cyber risk management rule—a security and compliance opportunity

In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a ... continue reading
Microsoft’s approach to SaaS Security and the core product pillars: discovery, SaaS Security posture management, information protection, threat protection and app to app protection.

Microsoft shifts to a comprehensive SaaS security solution

Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging ... continue reading

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and ... continue reading
A diagram showing how a malicious IIS module sits between a web server and the client. The malicious IIS module is shown intercepting requests between the web server and client on the BeginRequest, EndRequest, and Error event triggers.

IIS modules: The evolution of web shells and how to detect them 

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector ... continue reading
diagram

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also ... continue reading
Reserved Instance/Savings Plan scopes

Quick Reference: Understanding Azure Reservations vs Savings Plans

  Hi everyone! Brandon Wilson (Cloud Solution Architect/Engineer) here today to discuss some of the higher-level points of Azure Savings Plans, a new offering to help customers save, and Azure reservations (ie; reserved instances). This post isn’t intended to be ... continue reading
Flowchart for Azure Active Directory issuing tokens.

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ... continue reading