Select Page
Getting to know Azure Arc

Getting to know Azure Arc

**I do want to state of course I’m an employee of Microsoft but links to any books or courses as part of my learning experience, I am not affiliated with. I don’t have affiliate links I’m just sharing what I ... continue reading

What you need to know about how cryptography impacts your security strategy

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla ... continue reading
Figure 1: The Responsible AI dashboard

New resources and tools to enable product leaders to implement AI responsibly

As AI becomes more deeply embedded in our everyday lives, it is incumbent upon all of us to be thoughtful and responsible in how we apply it to benefit people and society. A principled approach to responsible AI will be ... continue reading
ChristianKielhorn_12-1636488021862.png

How to retrieve an Azure AD Bulk Token with PowerShell

Hi, my Name is Christian Kielhorn, and I’m a Senior Customer Engineer – formerly known as Premier Field Engineer – within Germanys Customer Success Organization for Modern Work. Today I’d like to come back to a customer’s question – as ... continue reading
Example intrusion conducted by NOBELIUM demonstrating nested access across variety of methods

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations ... continue reading
DagmarHeidecker_0-1633936309439.png

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading
Screenshot of code showing the original exploit vector

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as ... continue reading
Microsoft's recommended mitigation prioritizations: prepare, limit, and prevent.

3 steps to prevent and recover from ransomware

On July 14, 2021, the National Cybersecurity Center of Excellence1 (NCCoE) at the National Institute of Standards and Technology2 (NIST) hosted a virtual workshop3 to seek feedback from government and industry experts on practical approaches to preventing and recovering from ... continue reading
Genomics testing on the ISS with HPE Spaceborne Computer-2 and Azure

Genomics testing on the ISS with HPE Spaceborne Computer-2 and Azure

“Thanks to the power of open source, the compute capability provided by the HPE Spaceborne Computer-2, and the scalability of Azure, we are empowering developers to build for space at a speed that’s out of this world.”—Kevin Mack, Senior Software ... continue reading
Breaking down NOBELIUM’s latest early-stage toolset

Breaking down NOBELIUM’s latest early-stage toolset

As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ... continue reading