Select Page
Introduction to Secured-core computing

Introduction to Secured-core computing

Security is a broad topic that has components across all layers of the technology stack. Lately I’ve been investigating the concept of Secured-core computing, available with hardware from OEM providers running Windows 10 and now also Windows Server 2022 (preview) ... continue reading

Windows 11 enables security by design from the chip to the cloud

Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, ... continue reading

How Do I Discover Changes to an AD Group’s Membership

Q: Is there an easy way to detect and changes to important the membership of AD Groups? A: Easy using PowerShell 7, WMI, and the CIM Cmdlets. WMI Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading
™

Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors

As operating systems are becoming more secure and resistant to compromise, advanced vectors like firmware, kernel and hardware direct memory access (DMA) have emerged as new favored targets for threat actors. Recent trends indicate a substantial growth in the number ... continue reading

Is a User A Local Administrator?

Q: Some of the things we do in our logon scripts require the user to be a local administrator. How can the script tell if the user is a local administrator or not, using PowerShell 7. A: Easy using PowerShell ... continue reading
MEM Home

Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In a previous blog back in July, 2020, I walked through a demo of setting up an Attack ... continue reading
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed ... continue reading

Configuration Manager Current Branch Antivirus Exclusions

Hey everybody! My name is Brandon McMillan and I am a Microsoft Endpoint Configuration Manager (ConfigMgr) CE at Microsoft. ConfigMgr Current Branch has been the standard service-based model since December 2015 with the release of version 1511. You may have ... continue reading

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into ... continue reading
AppGuard Policies

Microsoft Defender Application Guard for Office

  Introduction   This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will focus on a future release of Microsoft Defender Application Guard for Office available in limited preview for Windows 10 20H2. Windows 10 20H2 is now available for commercial customers to ... continue reading