
Decrypting the Selection of Supported Kerberos Encryption Types

In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets. If I had to guess the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is responsible for ... continue reading

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe ... continue reading

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

In theory, a cyberattack can be disrupted at every phase of the attack chain. In reality, however, defense stack boundaries should overlap in order to be effective. When a threat comes via email, for example, even with good security solutions ... continue reading

Building better identity solutions with our partners at Microsoft Inspire

Hello Everyone - This week is Microsoft Inspire where we celebrate our partners that have helped us innovate and accelerate growth over the last year. Whether businesses are starting their journey to cloud identity, migrating applications to modern authentication, or ... continue reading

How to Defend Users from Interception Attacks via SMB Client Defense

Hey folks, Ned here again with another guest post. Today we discuss hardening the SMB protocol in Windows against interception attacks, previously referred to as “Man-in-the-Middle” attacks. As you know, interception attacks involve manipulating communications between client and server. An ... continue reading

Configure Selective Password Synchronization With AADConnect

Namaste everyone, my name is Varun Kohli, I am an Identity and Security Consultant at Microsoft Services, India. Through this blog I would like to share details about how we can configure AADConnect to synchronize password hashes to Azure AD ... continue reading

Azure Files enhances data protection capabilities

Protecting your production data is critical for any business. That’s why Azure Files has a multi-layered approach to ensuring your data is highly available, backed up, and recoverable. Whether it’s a ransomware attack, a datacenter outage, or a file share ... continue reading

“Why are my users not prompted for MFA as expected?”

“MFA” or ‘Multi-Factor Authentication’ is a process where something more than just a username and password is required before granting access to a resource. This could be a one-time code sent to a user’s cellphone via SMS text, a ... continue reading

Beyond the Edge: How to Secure SMB Traffic in Windows

Hiya folks, Ned here again. Organizations are good at firewalling the network edge to stop inbound intruders. We need to move on to preventing outbound and lateral network communications. With the rise of mobile computing and ease of phishing users, ... continue reading

Domain Time Synchronization in the Age of Working from Home

Happy Friday everyone! Brandon Wilson here posting on behalf of a new guest author, Sarath Madakasira. So, without further ado... Working from home has presented challenges in many areas and it is true for time synchronization on computers used at ... continue reading