Blog

Microsoft has disclosed that threat actors are exploiting publicly exposed ASP.NET machine keys to execute ViewState code injection attacks. The company warns that web developers are inadvertently putting their organizations at risk by using these keys from online repositories and documentation in their applications. In December, Microsoft first observed the attacks that involved an unknown…

Microsoft has announced a major change that will give organizations greater control over how updates are installed on new Windows 11 devices. A new policy will soon allow administrators to decide whether quality updates are applied during the out-of-box experience (OOBE). Previously, users had to manually check for updates through Windows Update after setting up…

Microsoft has started testing a new Facebook-style Storyline news feed internally within Microsoft Teams. According to a new report from The Verge, this feature will allow users to share updates, post news, and engage with colleagues by liking and sharing content. “Storyline enables leaders to communicate directly with their organizations, delivering personalized updates to amplify,…

Azure Role-Based Access Control (RBAC) is Microsoft Azure’s primary authorization system for managing access to cloud resources. By assigning specific permissions to users, service principals, and managed identities, Azure RBAC ensures that access is both controlled and aligned with the principle of least privilege. Whether you’re securing a single subscription or governing a hybrid cloud…

Microsoft has released a new PowerShell script that enables administrators to update bootable media with the “Windows UEFI CA 2023” certificate to boost system security. This update specifically targets vulnerabilities exploited by the BlackLotus UEFI bootkit, which is a sophisticated threat capable of bypassing Secure Boot protections. What is BlackLotus UEFI? BlackLotus UEFI is a…

Microsoft has yet to release the final cumulative update (CU15) for Exchange Server 2019 due to technical issues. The company has outlined some of the reasons for the delay, but it has not provided a new expected release date for the update. In December, Microsoft announced plans to push the final cumulative update for Exchange…

Microsoft has introduced a new PowerShell setting within Tenant Federation Configuration, offering administrators enhanced flexibility to tailor their federation posture. The company announced on the Micrososoft 365 admin center that this setting is now available to commercial users through Microsoft Teams PowerShell. Last year, Microsoft added a new PowerShell setting (called -ExternalAccessWithTrialTenants) to the Set-CsTenantFederationConfiguration…

Group Policy WMI Filtering is a powerful feature that allows administrators to apply Group Policy Objects (GPOs) and Group Policy preferences based on specific attributes of target computers, servers, and users. By leveraging Windows Management Instrumentation (WMI) queries, IT professionals can create highly targeted and dynamic GPOs that respond to the unique needs of their…

Security researchers have discovered a sophisticated phishing campaign targeting organizations that rely on Active Directory Federation Services (ADFS) for secure access. This attack has already compromised over 150 organizations across critical sectors, including healthcare, education, government, and technology. Active Directory Federation Services (ADFS) is a software component that gives users sign-on (SSO) access to systems…

Microsoft has recently rolled out a new update (version 2.4.129.0) of its Entra Connect Sync service. The latest release brings new auditing capabilities, enhancements, as well as bug fixes to improve user experience and boost the overall stability of the system. What is Microsoft Entra Connect Sync? Microsoft Entra Connect Sync enables organizations to synchronize…

SQL Server Reporting Services (SSRS) is a set of on-premises tools and services that enable you to create, deploy, and manage printed, web, email and mobile reports from SQL Server databases. Let’s look at its evolution and capabilities in more detail. When SQL Server was first released it was a simple relational database but as…

Microsoft is about to add a new People administrator role in Microsoft Entra, allowing organizations to securely delegate people-related tasks. This update helps streamline user management while minimizing security risks associated with high-level admin roles. In Microsoft Entra ID, built-in roles offer pre-defined permissions for efficient access control, but they don’t always match common user…