Select Page
Threat hunting in Azure Advanced Threat Protection (ATP)

Threat hunting in Azure Advanced Threat Protection (ATP)

As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult ... continue reading
clipboard_image_0.png

Using Azure Security Center and Log Analytics to Audit Use of NTLM

The purpose of this post is to show how you can collect and query security events of interest from Windows servers. To do this we will use: Azure Security Center to collect events Log Analytics Workspace to store events Kusto ... continue reading
TrustEncr.png

The RC4 Removal Files Part 2: In AES We Trust

Background Flash back to the late 80's...mullets for all, Polo drenched teens, big hair, and RC4 in all it's glory. Life was good. Flash forward to now and all of these things are out of style. In the case of ... continue reading

The RC4 Removal Files Part 1: What’s in an error message?

I've been doing system administration since roughly 1994 and in that time I've come to realize one thing: making changes to established environments always causes a ripple effect. The impact of changes usually doesn't surface right away, so associating the ... continue reading
The Case of SPNs Breaking Group Policy Application

The Case of SPNs Breaking Group Policy Application

Hello Everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with Microsoft Mission Critical team (SMC). I’ll share with you something interesting that I came across recently where one of our Enterprise customers had multiple clients where ... continue reading

MIM 2016 SP1 – Service and Portal Installation Guide

First published on MSDN on Jul 19, 2018 Introduction: This document is intended to be used as an operational build document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide does not cover the installation ... continue reading
LDAP Channel Binding and LDAP Signing Requirements - JANUARY 2020 Updates

LDAP Channel Binding and LDAP Signing Requirements – JANUARY 2020 Updates

Hi All, Alan here again, this time trying to give some details on these two settings that will become active from January 2020 and they are creating some misunderstandings. Let’s start saying that since Windows Server 2008 we have events ... continue reading

MIM 2016 SP1–Service and Portal Installation Guide

First published on MSDN on Jul 19, 2018 Introduction: This document is intended to be used as an operational build document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide does not cover the installation ... continue reading

Service Accounts, SPNs, and Kerberos Delegation configurations for MIM Service and Portal Installation

First published on MSDN on Jun 07, 2018 This document is intended to be used as an operational preparatory document for the Microsoft Identity Management 2016 MIM Service and Portal Server installation. This guide covers the service accounts, Service Principal ... continue reading

Install of SharePoint Foundation 2013 SP1 for use with FIM / MIM

First published on MSDN on Jun 01, 2018 This document is intended to be used as an operational build document for the installation of SharePoint Foundation 2013 SP1 for use with Forefront Identity Manager 2010 R2 or Microsoft Identity Management ... continue reading