Recent Blogs
My name is Ron Arestia, and I am a Security Researcher with Microsoft’s Detection and Response Team (DART). We respond to customer cybersecurity incidents to assist with containment and recovery from...
Feb 08, 2026
Why TLS 1.3 matters
TLS (Transport Layer Security) is the protocol that encrypts traffic between clients and servers.
For many years, most SQL Server environments have relied on TLS 1.2, which d...
Feb 02, 2026
This article describes a simple yet effective solution for the problem of segregating Microsoft Defender XDR and Entra ID Sentinel log ingestion in a single-tenant, multiple-company scenario,...
Jan 30, 2026
AI agents are rapidly becoming part of everyday enterprise operations: summarizing incidents, analyzing logs, orchestrating workflows, or even acting as digital colleagues. As organizations adopt thes...
Jan 27, 2026
1. Introduction
In modern Security Operations Centers (SOCs), mapping detections to the MITRE ATT&CK framework is critical. MITRE ATT&CK provides a structured, globally recognized model of adve...
Jan 26, 2026
What problem is this trying to solve?
Many security issues in applications come from the database layer: poorly written queries, dynamic SQL, or code that exposes more data than it should. These pr...
Jan 26, 2026
There are certain instances when a machine or machines are offboarded that the corresponding status takes an unusual amount of time to report in the Defender portal.
The status that is shown in the...
Jan 21, 2026
Hi All,
In this article, you can find a way to retrieve database permissions from all your onboarded databases through Azure Arc. This idea is born from a customer request around maintaining a stand...
Jan 20, 2026
Hi All. Jerry Devore back again to continue talking about hardening Active Directory. This time I want to discuss disabling NTLM or more likely how to minimize its use in a domain until all depende...
Jan 14, 2026
There are certain instances when a machine or machines are offboarded that the corresponding status takes an unusual amount of time to report in the Defender portal.
The status that is shown in the...
Jan 08, 2026