Microsoft finally admits almost all major Windows 11 core features are broken
A major new Windows 11 update has introduced widespread stability issues affecting core system functionality. Many users, including myself, are now experiencing frequent and disruptive problems like File Explorer crashes, slow performance, taskbar glitches, and Bluetooth failures, which together make the operating system frustratingly unreliable for daily use.
Accelerated Collaboration Forums: Join the Conversation and Drive Innovation!
Are you passionate about Microsoft security, compliance, and collaboration? Do you want to connect directly with product engineering teams and peers to shape the future of Microsoft solutions? If so, Accelerated Collaboration Forums (ACFs) are designed for you! What Are Accelerated Collaboration Forums (ACFs)? Accelerated Collaboration Forums (ACFs) are topic-specific discussion groups within the Microsoft Customer Connection Program (MCCP). They streamline how community members engage with Microsoft product teams and each other by organizing recurring calls focused on key topics. Instead of juggling multiple calls, you simply join the recurring call series for the ACFs that interest you. Each forum meets at the same day and time, making participation predictable and easy. Engineering PMs from the relevant product groups join every call, fostering open dialogue and direct feedback. Membership in the Microsoft Customer Connection Program (MCCP) is required—if you’re not a member yet, you can join here. Why Join an ACF? Direct access to product engineering teams Focused discussions on hot topics Predictable, recurring schedule Open community for sharing feedback and ideas Opportunity to influence Microsoft’s roadmap Available Accelerated Collaboration Forums to join Choose from a range of topics tailored to your interests: Purview DLP Authentication Copilot in Entra Copilot in Purview Developer Experiences in Security MDO Partner and Customer Connection Posture Management Security for AI Teams Protection Zero Trust How to Join Ready to participate? Membership to a MCCP is required. If you are already part of the Microsoft Customer Connection Program (MCCP), you can join an ACF here. If you are not yet a MCCP member, you can join here and from there, follow the steps to join an ACF. Join an Accelerated Collaboration Forum today and help shape the future of Microsoft security and collaboration!Microsoft Defender: Smart Containment Stops Exposed Privileged AD Domain Accounts
Introduction In today’s connected business environment, domain accounts are critical assets and increasingly vulnerable. When credentials are leaked, misconfigured, or compromised, attackers can exploit them to gain unauthorized access, move laterally, and launch ransomware or data theft. Just one exposed account can jeopardize an entire security infrastructure. Organizations must prioritize proactive measures to protect these accounts, as traditional security tools may not detect threats quickly enough. The damage caused by compromised domain accounts often extends beyond immediate financial loss, resulting in regulatory penalties and long-term reputational harm. Exposed High-Risk Accounts is Major Concern In the context of Active Directory Domain Services (AD DS), a high-risk account is any user or service account that, if compromised, could pose a significant security threat to the organization. For this blog, Domain Admin Accounts, which has one of the highest level of privileges in the AD environment, will be our focus today, as they represent one of the most critical targets for attackers due to their broad access and control over network resources. While high-risk accounts also include executives, directors, and other high-profile users who may handle sensitive information or have public-facing roles, Domain Admin Accounts require especially proactive protection because a single compromise can jeopardize the entire security infrastructure. Suspicious activity, recent exposure of credentials, or increased visibility can all elevate the risk profile of these accounts, making their security an essential priority for every organization. Exposed domain accounts, whether they belong to IT administrators or influential business leaders, pose major risks. Attackers use stolen credentials to access networks, escalate privileges, and disrupt operations by disabling security or encrypting data. Traditional detection is often slow; organizations need proactive solutions to prevent escalation. The financial and reputational damage from a single compromised account can be devastating, resulting in regulatory penalties and loss of customer trust. Additionally, remediation efforts can be costly and time-consuming, impacting business continuity and productivity. Typical impacts of exposed domain accounts include unauthorized access to sensitive data, disruption of critical business services, lateral movement by attackers to compromise additional systems, the deployment of ransomware, and potential data breaches. Organizations may also face significant legal consequences, regulatory fines, and long-term damage to their brand reputation. Solution Microsoft Defender XDR provides groundbreaking capability: proactive containment of exposed high-risk domain accounts. It identifies accounts flagged as compromised or elevated risk and applies containment controls before attackers exploit them. Continuous Risk Assessment: Defender leverages Identity Protection, Threat Intelligence, and Behavioral Analytics to identify high-risk accounts. Automated Containment Actions: When an account crosses a risk threshold, Defender enforces conditional access policies, revokes sessions, and isolates the account from sensitive resources. Integration with Existing Security Stack: This capability works seamlessly with Microsoft Entra ID, Defender for Identity, and Conditional Access for a unified response. The image above illustrates how to locate attack disruptions related to exposed high-risk accounts within the Microsoft Defender XDR portal. To view all attack disruptions, navigate to the Defender XDR portal, select Incident & alerts, then Incidents, and use the search function to look for “Compromised User account.” This shows incidents involving Risky Users with Privileged Access and other account types, offering clear insight into flagged accounts and how attacks were stopped. Benefits for Businesses To counter modern cyber threats that leverage automation and AI, organizations should adopt layered security and contain high-risk accounts. Comprehensive employee cyber security awareness training to strengthen defense against credential attacks. Merging advanced controls with a vigilant culture lowers risk, improves incident response, and supports compliance. Proactive containment provides critical security and operational benefits: Reduced Attack Surface: Isolating exposed accounts minimizes entry points for attackers. Faster Incident Response: Automated containment shortens the time compromised identities remain active, reducing the window for lateral movement. Compliance and Audit Readiness: Containment actions are logged in Azure Log Analytics, providing a clear audit trail for regulatory requirements. Operational Continuity: Containment is targeted and adaptive, allowing users to regain access quickly after remediation. Best Practices for Effective Implementation To maximize the value of Defender’s proactive containment: Enable Risk-Based Conditional Access: Configure policies dynamically based on account risk levels. Integrate Threat Intelligence Feeds: Ensure Defender consumes external breach data for comprehensive risk scoring. Review Audit Logs: Use Kusto Query Language (KQL) queries in Azure Log Analytics to monitor containment actions and validate policy effectiveness. KQL empowers security teams to quickly analyze vast amounts of log data, enabling efficient threat detection, incident investigation, and proactive monitoring across diverse environments. Educate End Users: Communicate containment measures to reduce helpdesk friction and improve security culture. Test in Controlled Environments: Simulate account compromise scenarios to validate containment workflows before production rollout. Explore these Microsoft Learn resources for deeper insights into proactive containment and identity protection: Priority Account Protection: https://learn.microsoft.com/defender-365/priority-accounts-turn-on-priority-account-protection Responding to Compromised Accounts: https://learn.microsoft.com/responding-to-compromised-email-account Behavioral Blocking and Containment: https://learn.microsoft.com/microsoft-defender-endpoint/behavioral-blocking-containment Remediation Actions for Identities: https://learn.microsoft.com/microsoft-defender-identity/remediation-actions Service Account Discovery: https://learn.microsoft.com/microsoft-defender-identity/service-account-discovery Takeaways Proactive security is essential in today’s threat landscape. Waiting for alerts is no longer enough. Microsoft Defender XDR proactive containment of exposed high-risk domain accounts represents a paradigm shift from reactive defense to preemptive protection. This capability enables enterprises to safeguard critical assets, reduce operational risk, and stay ahead of evolving threats. Don’t wait for compromise, contain risk before it becomes a breach. About the Author: Hi! Jacques “Jack” here, Microsoft Technical Trainer. I am dedicated to helping teams achieve excellence in both security and operations. As your skills progress, combine technical know-how with a willingness to share insights and participate in regular training. Seek chances to lead workshops, keep up to date with emerging threats and industry best practices, and encourage a mindset focused on ongoing learning. #SkilledByMTT #MicrosoftLearnWindows 11 Updates
Is there, somewhere, a list of flakey/bad Windows 11 Updates floating around out there?...... Some of the strange anomalies on my System seem to have ironed themselves out, however, we're having difficulties with SSD/Monitor Sleep settings and thought, perhaps, an errant Update might have had something to do with it. I guess after this, we'll locate the Power Options threads here and see what we can sort out. A brief history on this machine, we're the original owner and it came from HP with Windows 7 Pro installed. We did some minor mods to it, and it's been a great machine for what I do. We didn't Upgrade to Windows 10, so we researched around and found there was a way to Upgrade to Windows 11 Pro. Frankly, we didn't have time to do this 'in house', so off to the local computer repair facility it went- $80 and next day return we had a decent running Windows 11 machine. Admittedly, it's a smidge slower than Windows 7 Pro was..... but not unbearably so.
Disk transfer speed deterioration since installing Windows 11
I am not sure whether this question belongs in Windows 11 or PC hardware, it seems to be hardware but the change in O/S has introduced the issue. If an admin wants to move this into a more appropriate forum please feel free to do so. Amongst other devices on my home network I have a home-built desktop PC with multiple disk drives and a Synology NAS. I recently gave the PC a heart and brain transplant but retained all my disk drives, and at the same time replaced Windows 10 with Windows 11 Pro. Since then although everything – Windows and apps – seems to be functioning fine, I have noticed two odd things relating to disk transfer speeds. Both versions of the PC had an SSD drive as the primary C drive, and the following 3 SATA drives: D: Seagate Constellation ES.3 3TB (7200 rpm) E: Western Digital WD Black 6TB (7200 rpm) G: Western Digital WD Red 6TB (5400 rpm) The old PC could copy data from any of these disks to the NAS at 110MB/s. That’s what I would expect on a gigabit network, and it’s what I got. But the new PC can only copy data to the NAS at 55MB/s. So far as I know nothing has changed in the system other than the version of Windows and the motherboard (was an ASUS Z-390 ROG-STRIX, now an ASUS Z-890F ROG-STRIX). But for some reason the data transfer across the network has halved – just from this PC, not from other machines. I am sure the problem has nothing to do with the NAS or the network, which have not been altered in any way, nor the disk drives themselves, which have not been changed – the rebuild only replaced the contents of the (SSD) C drive. But there is something fishy about the HDD performance, because this brings me to the second observation. I never bothered noting any transfer speeds between the disks in the Win 10 incarnation, because all copying just ran at a more or less constant rate and I never had any concerns about performance. But in the Win 11 version I have been seeing very erratic behaviours, slow downs and pauses. As a test I created a data file of 5GB and copied it between all the disks. I renamed the file each time to try to avoid caching (although I don’t know for sure that this would prevent it, or if it would be a problem if I hadn’t). My experience tells me that the rate and elapsed time of all of these transfers would have been consistent in the Win 10 environment.Microsoft confirms it’ll let you remove “AI Actions” …
I recently came across news that Microsoft will be allowing users to remove or disable the AI Actions feature in Windows, which has raised concerns about the impact on user control and privacy. My issue is that I want to understand how this change will affect my experience, especially since I prefer to have more control over the features and services running on my device, and I am worried about potential unwanted updates or integrations that could compromise my privacy or performance. I am looking for advice on how to effectively remove or disable AI Actions once the update is rolled out, and whether there are any risks or additional steps I should be aware of to ensure my system remains stable and secure after making these changes. Any guidance or detailed instructions on managing or turning off AI Actions would be greatly appreciated.endless repair loop at boot up
Can anyone help? Out of nowhere, overnight my PC went into the endless repair loop at boot up. I did all available methods in the Troubleshoot tab and more. All failed, roll back failed, restore failed, remove last update failed, start up repair failed, command prompt... SFC Scan etc steps completed and failed to fix, restore from image failed as all images disappeared, reset failed, tried to reinstall Windows 11 failed, will not allowed me to install Windows in any one of my 5 SSD. While I was trying to restore from Restore point or images, I could access all files inside all 5 of my SSD so I think the SSD drives are still good. Initially, it will not even let me restore back to my last 11/7 restore point but after I did the unplug and hold power button for 35+ seconds, I was able to restore back to 11/7 restore point but again the same automatic repair loop at boot up still not fixed, went right back to blue screen with Troubleshoot tab. Also gone through all of the above steps with an USB Windows boot up repair drive, still problem persists! Any anyone can share some idea? Aorus motherboard bad?
