The Remote Desktop Users control on Windows Server 2019

Troubleshooting log on errors to an Azure AD DS domain joined Windows Server VM

If you've created a Windows Server virtual machine in Azure and are joining it to an Azure AD Domain Services managed domain or logging onto it via RDP, there are a couple of errors you can hit. Let's look at ... continue reading

Microsoft Defender for Identity – Azure ATP Daily Operation

Hi IT Pros, I would like to continue the blog about Microsoft Defender for Identity with a topic related to the daily operation of the SecOp Team who traces all attacks against Identities stored in your on-prem Active Directory domain controllers. Please ... continue reading

MCM: Core Active Directory Internals

First published on TechNet on Jul 22, 2012. Disclaimer: For brevity and to get some key points across, quite a bit of detail about Active Directory, the underlying database, and replication have been purposely omitted from this blog. Now, ... continue reading

Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be ... continue reading

Decrypting the Selection of Supported Kerberos Encryption Types

In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets. If I had to guess, the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is responsible for ... continue reading
Diagram showing pairs of machine learning models on the endpoint and in the cloud using AMSI to detect malicious scripts

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe ... continue reading
Diagram showing an attack chain involving attack sprawl and techniques like overpass-the-hash

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

In theory, a cyberattack can be disrupted at every phase of the attack chain. In reality, however, defense stack boundaries should overlap in order to be effective. When a threat comes via email, for example, even with good security solutions ... continue reading

Building better identity solutions with our partners at Microsoft Inspire

Hello Everyone - This week is Microsoft Inspire where we celebrate our partners that have helped us innovate and accelerate growth over the last year. Whether businesses are starting their journey to cloud identity, migrating applications to modern authentication, or ... continue reading

How to Defend Users from Interception Attacks via SMB Client Defense

Hey folks, Ned here again with another guest post. Today we discuss hardening the SMB protocol in Windows against interception attacks, previously referred to as “Man-in-the-Middle” attacks. As you know, interception attacks involve manipulating communications between client and server. An ... continue reading

Configure Selective Password Synchronization With AADConnect

Namaste everyone, my name is Varun Kohli, I am an Identity and Security Consultant at Microsoft Services, India. Through this blog I would like to share details about how we can configure AADConnect to synchronize password hashes to Azure AD ... continue reading