Timeline graph showing developments in the Solorigate attack

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the ... continue reading
Using Amazon FSx for SQL Server Failover Cluster Instances – What you need to know!

Intro If you are considering deploying your own Microsoft SQL Server instances in AWS EC2 you have some decisions to make regarding the resiliency of the solution. Sure, AWS will offer you a 99.99% SLA on your Compute resources if ... continue reading
Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the ... continue reading
Diagram showing BISMUTH attacker techniques across attack stages

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with ... continue reading
Orgs with ZeroLogon exploitation attempts by red teams and real attackers starting September 13, 2020

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to ... continue reading
Boost your client performance with Azure Files SMB Multichannel

Lower your deployment cost, while improving client performance with Server Message Block (SMB) Multichannel on premium tier. Today, we are announcing the preview of Azure Files SMB Multichannel on premium tier. SMB 3.0 introduced the SMB Multichannel technology in Windows ... continue reading
HOW TO: Create a Windows Server 2019 NAS / FileServer from the command line

My old Synology NAS for home use had started to show signs of wear and was in need of replacement. It had plenty of disk space and performed well enough - but the version I had lacked any real power ... continue reading
Azure File Share: Integrating DFS-N with AD DS Over SMB

Introduction Hello everyone, this is Andrew Coughlin again and I am a Customer Engineer at Microsoft. A question I get asked is whether you can use Distributed File System Namespaces (DFS-N) with an Azure File Share. In this blog I will ... continue reading
Stopping Attacks by using MFA

Dharma Ransomware: Recovery and Preventative Measures

This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In the last several months, I have been getting a lot of requests around certain Ransomware that steals credentials through targeting phishing campaigns, extracting credentials to get Domain Admin access, and then ... continue reading
Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be ... continue reading