Select Page
Diagram showing chain of attacks from the LemonDuck and LemonCat infrastructure, detailing specific attacker behavior common to both and highlight behavior unique to each infra

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts ... continue reading
2021-07-20_12-30-39.png

What the heck is the File Server “role” in Windows Server???

Heya folks, Ned here again. Today I clear up an old idiosyncrasy of Windows Server: if the SMB Server service is always installed, why is there a role called "File Server" and what does enabling it do? Let's... role ;) ... continue reading
TelemetryFinal.gif

Log Sensor & Telemetry Services in Isolated Network

Dear IT Pros, We knew that it is normal for Domain Controller and critical servers to be in isolated network without internet access. How could we provide the cloud-based, Azure log analytic services for these objects? The services could originate ... continue reading
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts ... continue reading
SecurityLevel.png

Security Settings for Failover Clustering

Security is at the forefront of many administrator's minds and with Failover Clustering, we did some improvements with Windows Server 2019 and Azure Stack HCI with regards to security. Since the beginning of time, Failover Clustering has always had a ... continue reading
Windows Server 2022 Azure Edition in Public Preview

Windows Server 2022 Azure Edition in Public Preview

Windows Server Azure Edition is a special version of Windows Server built specifically to run either as an Azure IaaS VM in Azure or as a VM on an Azure Stack HCI cluster. Unlike the traditional Standard or Datacenter editions, ... continue reading
SMB Compression in Windows Server 2022 and Windows Insider

SMB Compression in Windows Server 2022 and Windows Insider

Heya folks, Ned here again. Today I announced the new SMB compression feature for Windows Server 2022 and Windows Insider at the Windows Server 2022, Best on Azure webinar. A proper article will be on docs.microsoft.com in the next 24 ... continue reading
newjob.png

Storage Migration Service now supports NetApp

Heya folks, Ned here again. Eagle-eyed readers may have noticed in the April 22, 2021-KB5001384 monthly update for Windows Server 2019 - and now in the May 2021 Patch Tuesday - we added support for migrating from NetApp FAS arrays ... continue reading

How Do I Discover Changes to an AD Group’s Membership

Q: Is there an easy way to detect and changes to important the membership of AD Groups? A: Easy using PowerShell 7, WMI, and the CIM Cmdlets. WMI Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading
Number of tests in which the vendor blocked the attack at earliest stage possible. Microsoft successfully blocked at the earliest possible point on six protection tests, more than any other vendor participating in the test.

Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation

In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities ... continue reading