Threat Intelligence

Firewall considerations for gMSA on Azure Kubernetes Service

This week I spent some time helping a customer with a gMSA environment on which they were finding some issues in deploying their app. The issues started when they were trying to figure out why the Kerberos ticket was not being issues for the Window pod with gMSA configured in AKS. I decided to write […]

Firewall considerations for gMSA on Azure Kubernetes Service Continue Reading

Microsoft Entra Verified ID introduces Face Check in preview

Today, I’m thrilled to announce the expansion of Microsoft Entra Verified ID to include Face Check—a privacy-respecting facial matching feature for high-assurance verifications, which is now in preview. Watch the video to learn more and read on for how you can get started today. Try Face Check for yourself. Verified ID: Verify once, use everywhere In

Microsoft Entra Verified ID introduces Face Check in preview Continue Reading

Connect with Microsoft at these cybersecurity events in 2024

In the cybersecurity industry, there are many events to choose from. You as a cybersecurity professional are left wondering which events are worth your time. Each year, Microsoft hosts and participates in numerous events focused on equipping security professionals of all levels with the knowledge, skills, and tools you need to elevate your cybersecurity approach

Connect with Microsoft at these cybersecurity events in 2024 Continue Reading

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

Today, we are taking a significant step in completing the delivery of functionality we promised when we first unveiled the vision for the Microsoft Intune Suite.1 We are launching three new solutions: Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud PKI. With these additions, the Intune Suite now goes beyond unified

3 new ways the Microsoft Intune Suite offers security, simplification, and savings Continue Reading

Introducing More Granular Certificate-Based Authentication Configuration in Conditional Access

I’m thrilled to announce the public preview of advanced certificate-based authentication (CBA) options in Conditional Access, which provides the ability to allow access to specific resources based on the certificate Issuer or Policy Object Identifiers (OIDs) properties.  Our customers, particularly those in highly regulated industries and government, have expressed the need for more flexibility in

Introducing More Granular Certificate-Based Authentication Configuration in Conditional Access Continue Reading

Become a Microsoft Unified SOC Platform Ninja

(Last updated January 2024) ** The integration of Microsoft Sentinel into the Defender portal is currently in private preview, with the eventual goal of a fully integrated and aligned user experience.  The early preview, specific feature information mentioned here is under development and therefore subject to change. Our recommendation is to regularly check for new

Become a Microsoft Unified SOC Platform Ninja Continue Reading

Bridging the Gap Between Code and Cloud with Defender for Cloud

While containers have revolutionized modern software development, the complexity of dependencies in containerized environments and the expanded attack surface they present are still significant hurdles for security professionals. The initial step in securing these environments involves identifying vulnerabilities within container images. Yet, the most time-consuming task can often be identifying the right development team to

Bridging the Gap Between Code and Cloud with Defender for Cloud Continue Reading

Join us at InfoSec Jupyterthon 2024

Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations center (SOC) tools. Notebooks can be used interactively for threat detection and response, or as automated tasks in a larger pipeline. Their flexibility and ability to combine code, data analysis, and visualization in a single,

Join us at InfoSec Jupyterthon 2024 Continue Reading

Midnight Blizzard: Guidance for responders on nation-state attack

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known

Midnight Blizzard: Guidance for responders on nation-state attack Continue Reading