As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult ... continue reading

The purpose of this post is to show how you can collect and query security events of interest from Windows servers. To do this we will use: Azure Security Center to collect events Log Analytics Workspace to store events Kusto ... continue reading

Background Flash back to the late 80's...mullets for all, Polo drenched teens, big hair, and RC4 in all it's glory. Life was good. Flash forward to now and all of these things are out of style. In the case of ... continue reading

I've been doing system administration since roughly 1994 and in that time I've come to realize one thing: making changes to established environments always causes a ripple effect. The impact of changes usually doesn't surface right away, so associating the ... continue reading

Hello Everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with Microsoft Mission Critical team (SMC). I’ll share with you something interesting that I came across recently where one of our Enterprise customers had multiple clients where ... continue reading

First published on MSDN on Jul 19, 2018 Introduction: This document is intended to be used as an operational build document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide does not cover the installation ... continue reading

Hi All, Alan here again, this time trying to give some details on these two settings that will become active from January 2020 and they are creating some misunderstandings. Let’s start saying that since Windows Server 2008 we have events ... continue reading

First published on MSDN on Jul 19, 2018 Introduction: This document is intended to be used as an operational build document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide does not cover the installation ... continue reading

First published on MSDN on Jun 07, 2018 This document is intended to be used as an operational preparatory document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide covers the service accounts, Service Principal ... continue reading

First published on MSDN on Jun 01, 2018 This document is intended to be used as an operational build document for the installation of SharePoint Foundation 2013 SP1 for use with Forefront Identity Manager 2010 R2 or Microsoft Identity Management ... continue reading