In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence ... continue reading

The other day a client asked everyone in operations who added some odd DNS records, everyone on the admin team denied making any changes, no one in engineering did it either. They determined the user that made the new record ... continue reading

Thank you to Erin Stellato (Program Manager, SQL Experiences) and Drew Skwiers-Koballa(Program Manager, SQL Experiences) for contributing to this blog.The end of summer in the Northern Hemisphere can be a quiet time for some, but the Azure Data Studio team has been ... continue reading

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading

Introduction When doing SQL Migrations we have some wonderful tools at Microsoft that will assist you with the migration from On-Premise to Azure. But What happens down the line when you need to decide if you made the correct choice ... continue reading

Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several ... continue reading

Part of the SQL Server 2022 blog series.Query Store is one of the most powerful database-scoped features in SQL Server for troubleshooting performance and improving the stability of your database workloads.The Query Store feature first became available in SQL Server ... continue reading

WMI is arguably one of the greatest tools a system administrator can have. You can manage Windows workstations, interact with Microsoft products, like the Configuration Manager, monitor server’s resources and many more. Today, we are going to look at the ... continue reading

Introduction: In part 1, we saw how to use MEM portal to view and recover Bitlocker recovery keys for ConfigMgr clients that are tenant attached. In part 2 of this blog, we will see how to migrate Bitlocker keys to ... continue reading

Welcome to this series where you will learn the various best practices for deploying Azure Virtual Machines and how to manage them at scale. To get started, we are going to take a look at various deployment options; how you ... continue reading