Azure Stack HCI: What’s new for Software Defined Networking (SDN) with WAC v2211
A warm 2023 “Hello” to our Customers and Partners! Today is an exciting day as we share with each of you the extensive new features and improvements for SDN in Windows Admin Center 2211 (WAC)! We cannot thank you enough ... continue reading
Windows 10 or Windows 11 GPO ADMX – An Update
Hi community, I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In a former blog (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-which-one-to-use-for-your/ba-p/3063322), where I did a comparison between Windows 10 and Windows 11 ADMX files, I promised in my comments to do ... continue reading
How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?
Q: How can I determine if objects in my AD environment are impacted by the November 8th 2022 patch? A: Use a couple of queries I wrote specifically for that purpose. November 8th, 2022 brought us a patch ... continue reading

How to prevent lateral movement attacks using Microsoft 365 Defender
It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools ... continue reading

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, ... continue reading

SMB authentication rate limiter now on by default in Windows Insider
Heya folks, Ned here again. Back in the spring of 2022 we released a new SMB preview feature: the SMB authentication rate limiter. It is available in Windows 11 Insider and Windows Server Insider builds. IT staff often enable access to the SMB server service ... continue reading
Upgrading your container app from Windows Server 2019 to 2022 on Azure Kubernetes Service
Note: As of the writing of this blog, Windows Server 2022 is on Public Preview on Azure Kubernetes Service (AKS). If you’ve been playing with containers, the thought of upgrading to a new OS version might seem way too simple: ... continue reading
The RC4 Removal Files Part 3 – The “Everything Else” Of It
I’m not a fan of folks that glaze over problems, not that I’m a pessimist mind you, I do my fair share of finding the bright side of bad situations. When this RC4 project started, I heard lots of optimistic ... continue reading
To AAD Join or Not … That is the Question
As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the ... continue reading

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn ... continue reading