Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. Today I’ll explain how to configure this and talk about the near future of this in Windows and Windows Server Insiders a bit. Previous port behaviors …
SMB alternative ports now supported in Windows Insiders Continue Reading
Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), creating SMB shares changes a longtime Windows Defender Firewall default behavior. Before Previously, creating a share automatically configured the firewall to enable the rules in the “File and Printer Sharing” group for the given firewall profiles. This began in Windows XP SP2 with the …
SMB firewall rule changes in Windows Insider Continue Reading
Hello everyone, Jerry Devore back again after to along break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has room to improve when it comes to hardening Active Directory. Many times, customers are aware of issues but are afraid of unintended impacts if they make …
Active Directory Hardening Series – Part 1 – Disabling NTLMv1 Continue Reading
Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25951 (Canary), the SMB server now supports controlling which SMB 2 and 3 dialects it will negotiate. This changes legacy behavior, where Windows SMB server always negotiated the highest matched server dialect from SMB 2.0.2 to 3.1.1 clients. Beginning in Windows 10, support was added for …
SMB dialect management now supported in Windows Insider Continue Reading
Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25951 (Canary), the SMB client now supports blocking NTLM for remote outbound connections. This changes legacy behavior, where Windows SPNEGO would negotiate Kerberos, NTLM, and other mechanisms with the destination server to decide on a supported security package. NTLM in this case refers to all versions …
SMB NTLM blocking now supported in Windows Insider Continue Reading
Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along …
Flax Typhoon using legitimate software to quietly access Taiwanese organizations Continue Reading
Microsoft Defender for Servers (part of the Microsoft Defender for Cloud security suite), being a comprehensive solution for server protection across multi-cloud and hybrid environments, requires the deployment of several agents to achieve its multiple protection capabilities. As many of our customers run their Windows/Linux server environments without direct Internet outbound connectivity, there is a …
Deploying Microsoft Defender for Servers in Network-Restricted Environments Continue Reading
Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of the Azure Connected Machine Agent. Let’s dig into the technical specifications of the agent and …
The care and feeding of Azure Arc for Servers Continue Reading
Hello, Chris Cartwright here from the Directory Services support team. We have many customers asking questions about how to track down the usage of RC4 in their environment. Over the years, we’ve had tons of great articles that, when put together, provide a fairly simple solution to this problem. (These can be found in the …
So, you think you’re ready for enforcing AES for Kerberos? Continue Reading
Heya folks, Ned here again. We recently made SMB signing the default in Windows Insider Enterprise client builds. In doing so, we were quickly reminded of a consequence from an old unsafe SMB behavior that some folks still use: guest authentication. Today I’ll explain all this and give you the steps to both fix and …
