Getting to know Azure Arc
**I do want to state of course I’m an employee of Microsoft but links to any books or courses as part of my learning experience, I am not affiliated with. I don’t have affiliate links I’m just sharing what I ... continue reading
What you need to know about how cryptography impacts your security strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla ... continue reading

New resources and tools to enable product leaders to implement AI responsibly
As AI becomes more deeply embedded in our everyday lives, it is incumbent upon all of us to be thoughtful and responsible in how we apply it to benefit people and society. A principled approach to responsible AI will be ... continue reading
How to retrieve an Azure AD Bulk Token with PowerShell
Hi, my Name is Christian Kielhorn, and I’m a Senior Customer Engineer – formerly known as Premier Field Engineer – within Germanys Customer Success Organization for Modern Work. Today I’d like to come back to a customer’s question – as ... continue reading

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations ... continue reading
NDES Security Best Practices
Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as ... continue reading

3 steps to prevent and recover from ransomware
On July 14, 2021, the National Cybersecurity Center of Excellence1 (NCCoE) at the National Institute of Standards and Technology2 (NIST) hosted a virtual workshop3 to seek feedback from government and industry experts on practical approaches to preventing and recovering from ... continue reading

Genomics testing on the ISS with HPE Spaceborne Computer-2 and Azure
“Thanks to the power of open source, the compute capability provided by the HPE Spaceborne Computer-2, and the scalability of Azure, we are empowering developers to build for space at a speed that’s out of this world.”—Kevin Mack, Senior Software ... continue reading

Breaking down NOBELIUM’s latest early-stage toolset
As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ... continue reading