Select Page

5 new capabilities to automate Windows Server management with Azure Automanage

Customers of all sizes trust Windows Server to run their business and mission-critical workloads. With the launch of Windows Server 2022, we've added new capabilities that bring the best of Windows Server and Azure together. Whether you're migrating to the ... continue reading
Timeline showing the transition from Global pre-Covid onsite work for Microsoft employees beginning at around 100,000 employees entering Microsoft buildings in January 2020 and falling to around 30,000 employees by August of 2021.

New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent ... continue reading
Deploying HTTP/3 on Windows Server at Scale

Deploying HTTP/3 on Windows Server at Scale

Windows Server 2022 was released for general availability last month. Since then, in cooperation with the Microsoft 365 team, we have started deploying the latest Windows Server on Exchange Online service front door servers globally, with a primary goal of ... continue reading
DagmarHeidecker_0-1633936309439.png

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading
netstat output

Converting string output to objects

In my previous post, I talked about using Crescendo to create a PowerShell module for the vssadmin.exe command in Windows. As I explained, you have to write Output Handler code that parses the output of the command you are using ... continue reading
Screenshot of code showing instance of SSH

A deep-dive into the SolarWinds Serv-U SSH vulnerability

Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a ... continue reading
What's QUIC?

What's QUIC?

James Kehr here with the Windows Networking Escalation Engineering team. Today’s topic is the newly published QUIC protocol. This is a quick discussion, all puns intended, about why QUIC is important to the modern internet. Back in the old days, ... continue reading
Attack flow for Mozi botnet.

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer (P2P) botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records (DVRs). It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s ... continue reading
Number of DDoS attacks

Azure DDoS Protection—2021 Q1 and Q2 DDoS attack trends

This blog post was co-authored by Amir Dahan, Senior Program Manager, Anupam Vij, Principal Program Manager, Skye Zhu, Data and Applied Scientist 2, and Syed Pasha, Principal Network Engineer, Azure Networking. In our 2020 retrospective, we highlighted shifts in the ... continue reading
2021-07-20_12-30-39.png

What the heck is the File Server “role” in Windows Server???

Heya folks, Ned here again. Today I clear up an old idiosyncrasy of Windows Server: if the SMB Server service is always installed, why is there a role called "File Server" and what does enabling it do? Let's... role ;) ... continue reading