New security features in Windows 11 protect users and empower IT

While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs,1 and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive ... continue reading

Active Directory Hardening Series – Part 1 – Disabling NTLMv1

Hello everyone, Jerry Devore back again after too long a break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has ... continue reading

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading

Deploying Microsoft Defender for Servers in Network-Restricted Environments

Microsoft Defender for Servers (part of the Microsoft Defender for Cloud security suite), being a comprehensive solution for server protection across multi-cloud and hybrid environments, requires the deployment of several agents to achieve its multiple protection capabilities. As many of ... continue reading

The care and feeding of Azure Arc for Servers

Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading

SMB Signing and Guest Authentication

Heya folks, Ned here again. We recently made SMB signing the default in Windows Insider Enterprise client builds. In doing so, we were quickly reminded of a consequence from an old unsafe SMB behavior that some folks still use: guest authentication ... continue reading

SMB signing required by default in Windows Insider

Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25381 (Canary, zn_release) Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by ... continue reading

Unified update platform (UUP) FAQ’s

After a month of UUP update release, sharing best practices based on our field and feedback through multiple channels. 1. Will UUP patch work for CB 2111 and below? Our pre-req is Configuration Manager Version 2203 and above as per ... continue reading

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading

Migrating from Office 2016/2019 to Microsoft 365 Apps

Note: While we normally don’t cover this type of content on the Core Infrastructure and Security Blog, we thought this was important enough to provide our readers in order to support many Microsoft security capabilities. Introduction: Hello everyone, I ... continue reading