Select Page

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into ... continue reading

Preparing to Manage Windows Virtual Desktops (WVD)

Introduction Technologies such as Intune and Endpoint Configuration Manager (used manage enterprise devices) are becoming more robust, and these tools can also now be used for virtual devices such as those used by Microsoft’s Windows Virtual Desktop service in Azure ... continue reading
Diagram showing process of isolation in System Management Mode

System Management Mode deep dive: How SMM isolation hardens the platform

Ensuring that the platform firmware is healthy and trustworthy is fundamental to guaranteeing that powerful platform security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard are functioning as expected. Windows 10 achieves this by leveraging a hardware-based ... continue reading
Force firmware code to be measured and attested by Secure Launch on Windows 10

Force firmware code to be measured and attested by Secure Launch on Windows 10

You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard that protect users from advanced hardware and firmware ... continue reading
Devices1.png

Azure AD Mailbag: Frequent questions about using device-based Conditional Access for remote work

Greetings! We're back with another mailbag, this time focusing on your common questions regarding device-based Conditional Access scenarios. We’ve heard from so many of you over the past few months on new challenges you’ve faced keeping your remote workforce secure, ... continue reading

Microsoft raises the security standard for next major Windows Server release

Server security and platform Integrity are critical requirements in today's datacenter, edge, and cloud environments. Many Windows Server customers have relied on built-in security capabilities such as Secure boot and BitLocker to protect their infrastructure. These capabilities are enhanced when ... continue reading
image.png

“Why are my users not prompted for MFA as expected?”

“MFA” or ‘Multi-Factor Authentication’ is a process where something more than just a username and password is required before granting access to a resource.   This could be a one-time code sent to a user’s cellphone via SMS text, a ... continue reading

Biometrics – Keep Your Fingers Close

Here’s a common customer question, especially in manufacturing, government-to-citizen, and kiosk scenarios: “ I want a system where my user can walk up to any system, then scan a fingerprint (or look at a camera, or speak into a mic, ... continue reading
Naveen_Kanneganti_0-1585926100333.png

ConfigMgr Bitlocker Management

Hi Folks! I’m Naveen kanneganti and Welcome to my blogpost. Configmgr has release BitLocker Drive Encryption (BDE) in v1910 for on-premises Windows clients running Windows 10 or Windows 8.1. This feature is optional so, you must enable this feature before ... continue reading
Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading