While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs,1 and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive ... continue reading

Active Directory Hardening Series - Part 1 – Disabling NTLMv1   Hello everyone, Jerry Devore back again after to along break from blogging to talk about Active Directory hardening.  In my role at Microsoft, I have found every organization has ... continue reading

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading

Microsoft Defender for Servers (part of the Microsoft Defender for Cloud security suite), being a comprehensive solution for server protection across multi-cloud and hybrid environments, requires the deployment of several agents to achieve its multiple protection capabilities. As many of ... continue reading

Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading

Heya folks, Ned here again. We recently made SMB signing the default in Windows Insider Enterprise client builds. In doing so, we were quickly reminded of a consequence from an old unsafe SMB behavior that some folks still use: guest authentication ... continue reading

Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25381 (Canary, zn_release) Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by ... continue reading

After a month of UUP update release, sharing best practices based on our field and feedback through multiple channels. 1. Will UUP patch work for CB 2111 and below? Our pre-req is Configuration Manager Version 2203 and above as per ... continue reading

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading

Note: While we normally don’t cover this type of content on the Core Infrastructure and Security Blog, we thought this was important enough to provide our readers in order to support many Microsoft security capabilities.   Introduction Hello everyone, I ... continue reading