
New security features in Windows 11 protect users and empower IT
While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs,1 and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive ... continue reading
Active Directory Hardening Series – Part 1 – Disabling NTLMv1
Active Directory Hardening Series - Part 1 – Disabling NTLMv1 Hello everyone, Jerry Devore back again after to along break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has ... continue reading

Flax Typhoon using legitimate software to quietly access Taiwanese organizations
Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
Deploying Microsoft Defender for Servers in Network-Restricted Environments
Microsoft Defender for Servers (part of the Microsoft Defender for Cloud security suite), being a comprehensive solution for server protection across multi-cloud and hybrid environments, requires the deployment of several agents to achieve its multiple protection capabilities. As many of ... continue reading
The care and feeding of Azure Arc for Servers
Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading
SMB Signing and Guest Authentication
Heya folks, Ned here again. We recently made SMB signing the default in Windows Insider Enterprise client builds. In doing so, we were quickly reminded of a consequence from an old unsafe SMB behavior that some folks still use: guest authentication ... continue reading
SMB signing required by default in Windows Insider
Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25381 (Canary, zn_release) Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by ... continue reading
Unified update platform (UUP) FAQ’s
After a month of UUP update release, sharing best practices based on our field and feedback through multiple channels. 1. Will UUP patch work for CB 2111 and below? Our pre-req is Configuration Manager Version 2203 and above as per ... continue reading

MERCURY and DEV-1084: Destructive attack on hybrid environment
Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading
Migrating from Office 20162019 to Microsoft 365 Apps
Note: While we normally don’t cover this type of content on the Core Infrastructure and Security Blog, we thought this was important enough to provide our readers in order to support many Microsoft security capabilities. Introduction Hello everyone, I ... continue reading