Group Policy Preferences Drive Map Survey and Feedback
Heya folks, Ned here again. I just published a survey for IT Pros on Group Policy Preferences Drive Map. It's just a few minutes of your time, totally anonymous (unless you want to talk more) and could help make your life easier someday ... continue reading
How To Automate The Hybrid World Part Two Of Two
Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!"I’m a Microsoft Senior Cloud Solution Architect – Engineering (or short Sr. CSA-E) and in this article I want to talk about how to automate the hybrid world. Over ... continue reading
How to Manage Microsoft Defender on Windows Server via Intune
As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading
Windows 10 or Windows 11 GPO ADMX – An Update
Hi community, I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In a former blog (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-which-one-to-use-for-your/ba-p/3063322), where I did a comparison between Windows 10 and Windows 11 ADMX files, I promised in my comments to do ... continue reading
Azure Update Management Windows Update Desired State Configuration
Introduction Even though the Azure Update Center is already in preview many of our customers are still using Azure Update Management (the solution that uses Automation Account and Log Analytics workspace) to patch their servers. During one of these engagements, ... continue reading

DEV-0139 launches targeted attacks against the cryptocurrency industry
Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also ... continue reading

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to ... continue reading

How to prevent lateral movement attacks using Microsoft 365 Defender
It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools ... continue reading

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, ... continue reading

New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels ... continue reading