Select Page
2023-02-01_11-52-50.jpg

Group Policy Preferences Drive Map Survey and Feedback

Heya folks, Ned here again. I just published a survey for IT Pros on Group Policy Preferences Drive Map. It's just a few minutes of your time, totally anonymous (unless you want to talk more) and could help make your life easier someday ... continue reading
Local Computer Policy - User Rights Assignment Dialog

How To Automate The Hybrid World Part Two Of Two

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!"I’m a Microsoft Senior Cloud Solution Architect – Engineering (or short Sr. CSA-E) and in this article I want to talk about how to automate the hybrid world. Over ... continue reading
Snippet from Group Policy Object, Microsoft Defender Antivirus Policies

How to Manage Microsoft Defender on Windows Server via Intune

As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading
hewagen_0-1671804677570.png

Windows 10 or Windows 11 GPO ADMX – An Update

Hi community,   I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In a former blog (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-which-one-to-use-for-your/ba-p/3063322), where I did a comparison between Windows 10 and Windows 11 ADMX files, I promised in my comments to do ... continue reading
1.png

Azure Update Management Windows Update Desired State Configuration

Introduction Even though the Azure Update Center is already in preview many of our customers are still using Azure Update Management (the solution that uses Automation Account and Log Analytics workspace) to patch their servers. During one of these engagements, ... continue reading
diagram

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also ... continue reading
This diagram shows the linear progression of earlier Raspberry Robin infections.

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to ... continue reading
A Simplified schematic IT environment is split into three zones, Tier 0 with Domain Controllers, Tier 1 with servers and applications and Tier 2 with users and workstation systems. Zones are separated by red dotted line.

How to prevent lateral movement attacks using Microsoft 365 Defender

It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools ... continue reading
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, ... continue reading
New “Prestige” ransomware impacts organizations in Ukraine and Poland

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels ... continue reading