Microsoft Support & Discussions
Free PC Help Forum microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product you can post here. If you want to discuss Microsoft and their line of products you can do that here also.
84,928 topics in this forum
-
Protect your business from password sprays with Microsoft DART recommendations
by Guest Emma Jones- 0 replies
- 0 views
Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to find new ways to detect these types of attacks and help protect its customers. In this blog, we are going to define what password sprays are, detail DART’s investigation techniques and approach to responding to password spray attacks, and outline our recommendations for protecting against them. Why are identity-based attacks suddenly so popular? Previously, threat actors…
-
We’re Excited to Announce the Launch of Comms Hub!
by Guest Sherry Huang- 0 replies
- 0 views
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs (case managers), attach additional files, track case and bug bounty status all in the Researcher Portal. Summary – What is Comms Hub? Comms Hub … We’re Excited to Announce the Launch of Comms Hub! Read More » Continue reading...
-
Microsoft Digital Defense Report shares new insights on nation-state attacks
by Guest Emma Jones- 0 replies
- 0 views
Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our capabilities to bring better detections, threat context, and actor knowledge to our customers so they can improve their own defenses. To learn more about how Microsoft responds to nation-state attacks and how to defend your organization, watch the Decoding NOBELIUM docuseries. Hear directly from the frontline defenders who helped protect organizations against the most sophisticated atta…
-
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
by Guest Teri Seals-Dormer- 0 replies
- 0 views
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (referred to as “service providers” for the rest of this blog) that have been granted administrative or privileged access by other organizations. The targeted activity has been observed against organizations based in the United States and across Europe since May 2021. MSTIC assesses that NOBELIUM has launched a campaign against these organizations to exploit existing technical …
-
-
- FPCH Admin
- 0 replies
- 0 views
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs (case managers), attach additional files, track case and bug bounty status all in the Researcher Portal. Summary – What is Comms Hub?
Last reply by Cloaked, -
-
How Microsoft is partnering with vendors to provide Zero Trust solutions
by Guest Emma Jones- 0 replies
- 0 views
As workplaces around the world embrace hybrid work, Zero Trust provides the guiding strategy that keeps companies secure. However, no two organizations are alike. The Zero Trust journey will look unique for every organization that implements it. This means we must work together to create solutions that support the varied workplaces that exist today. At Microsoft, our mission is to create an amazing Zero Trust platform that protects our customers no matter what solutions they use. We realize that our customers use products that work well for them, and so we strive to meet them where they are. Our solutions are from Microsoft, but not just for Microsoft. To this end, …
-
Defenders wanted—building the new cybersecurity professionals
by Guest Emma Jones- 0 replies
- 0 views
As part of Cybersecurity Awareness Month, we published a special blog post earlier this week featuring real-world experiences shared by cybersecurity professionals: people with diverse backgrounds in law, academia, software development, and other seemingly unrelated fields. This topic is near and dear to my heart because I truly believe that diversity—people with diverse skills, backgrounds, cultures, and life experiences—is the key element for making the next generation of cybersecurity professionals even more effective. Today’s world is connected in ways we could only imagine 20 years ago. Digital transformation means the workplace, classrooms, retail outlets, and mo…
-
Franken-phish: TodayZoo built from other phishing kits
by Guest Eric Avena- 0 replies
- 0 views
A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. We uncovered this phishing kit while examining an extensive series of credential phishing campaigns that all sent credentials to a set of endpoints operated by the attackers. We named the kit “TodayZoo” because of its curious use of these words in its credential harvesting component in earlier campaigns, likely a reference to phishing pages that spoofed a popular video conferencing applicatio…
-
New Microsoft Sysmon report in VirusTotal improves security
by Guest Lauren Goodwin- 0 replies
- 0 views
Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals utilities became indispensable for defenders as well, enabling security analytics and advanced detections. The System Monitor (Sysmon) utility, which records detailed information on the system’s activities in the Windows event log, is often used by security products …
-
-
- FPCH Admin
- 0 replies
- 343 views
Microsoft produces two to three updates per supported Windows platform monthly. This results in a backlog of updates and potentially increases the size of update packages. Many of these updates, however, are cumulative and include all earlier updates that have been published for that platform. That means, when older packages expire, you still receive the updates contained in those packages by installing the cumulative update. By expiring older, redundant packages, you get better performance, shorter scan times, a faster user experience, and reduced risk of deploying older updates which have been superseded with newer, more secure ones. Here are answers to common questi…
Last reply by AWS, -
-
Microsoft Edge feature coming to Microsoft 365 admin center
by Guest Eric_VanAelstyn- 0 replies
- 0 views
Send Microsoft Edge promotional emails through a new feature in the Setup page of the Microsoft 365 admin center, titled “Get fast, secure browsing with Microsoft Edge”. This is expected to be released towards the end of October 2021 and will provide admins with the opportunity to encourage the use of Microsoft Edge in their organization by sending an email to their users. Admins will be provided with three options they can choose to include in the email they send to their users. A download link for Microsoft Edge Instructions on how to sign in and sync passwords, favorites, and settings Instructions on how to turn on security and performance features in Micr…
-
-
- FPCH Admin
- 0 replies
- 296 views
The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is critical—to safeguarding people and the tools they use to stay connected, get work done, and thrive in today’s hybrid environment. We have been working closely with our customers to help. Today, I’m excited to share with you some of the new investments we’re making to attempt to bring some simplicity to the complex topic of data privacy regulations. Introducing Privacy Management…
Last reply by AWS, -
-
Microsoft achieves a Leader placement in Forrester Wave for XDR
by Guest Lauren Goodwin- 0 replies
- 0 views
We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response (XDR), Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection, investigation, and response, and remediation. Forrester notes that “there is a deep divide in the XDR market between those far along the path and those just starting to deliver on the vision of XDR,” and that of mature providers “combine the best elements of their portfolios, including industry-leading products, to simplify incident response and build targeted, high-efficacy detec…
-
Get career advice from 7 inspiring leaders in cybersecurity
by Guest Emma Jones- 0 replies
- 0 views
Are you currently studying information security? Or are you considering transitioning to a career in cybersecurity? According to the US Bureau of Labor Statistics, cybersecurity jobs will grow 31 percent from 2019 to 2029—more than six times the national average job growth.1 Cybersecurity skills are clearly in high demand. But more than that, cybersecurity is a rewarding career attracting many bright, passionate practitioners and leaders who are invested in making the world a better, more secure place. As part of Cybersecurity Awareness Month and this week’s theme on cybersecurity careers, we are focusing this blog on top experts in the industry who will share insights…
-
New High Impact Scenarios and Awards for the Azure Bounty Program
by Guest MSRC Team- 0 replies
- 0 views
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending … New High Impact Scenarios and Awards for the Azure Bounty Program Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 1 view
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.
Last reply by Cloaked, -
-
archTIS and Microsoft: Zero Trust information security for Microsoft Teams
by Guest Emma Jones- 0 replies
- 0 views
Microsoft Teams has seen a surge in growth during the pandemic with over 115 million daily active users and growing.1 With it, customer imperative for enabling safe and trustworthy online collaboration has also increased significantly. The speed and simplicity of Teams business users creating new teams and channels demands that IT and security groups have advanced tools and controls they might need to ensure business-critical information is properly protected. archTIS’ NC Protect has integrated with Microsoft Information Protection (MIP) to empower IT and business owners to easily create secure teams and channels and enable guest access, enforcing Zero Trust policies a…
-
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
by Guest MSRC Team- 0 replies
- 0 views
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840 points), Callum Carney (828 points), and Nir Ohfeld (525 points)! Each quarterly leaderboard … Congratulations to the Top MSRC 2021 Q3 Security Researchers! Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 1 view
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840
Last reply by Cloaked, -
-
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
by Guest MSRC Team- 0 replies
- 0 views
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 … Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program Read More » Continue reading...
-
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
by Cloaked-
- FPCH Admin
- 0 replies
- 1 view
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 USD for eligible submissions.
Last reply by Cloaked, -
-
Azure network security helps reduce cost and risk according to Forrester TEI study
by Guest Emma Jones- 0 replies
- 0 views
As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools to protect Azure workloads while automating network management, implementing developer security operations (DevSecOps) practices, and reducing the risk of a material security breach. We are excited to share that Forrester Consulting has just conducted a commissioned Total Economic Impact (TEI) study on behalf of Microsoft, which involved interviewing existing customers who have…
-
-
- FPCH Admin
- 0 replies
- 560 views
In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll of cyberattacks and prompting increased engagement from law enforcement. Governments are also passing new laws and allocating more resources as they recognize cybercrime as a threat to national security. Earlier this month, Microsoft published the 2021 Microsoft Digital Defense Report (MDDR). Drawing upon over 24 tril…
Last reply by AWS, -
-
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
by Guest Eric Avena- 0 replies
- 0 views
DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East. Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks. MSTIC noted that Office 365 accounts with multifactor authentication (MFA) enabled are resilient against passwo…
-
Microsoft’s 5 guiding principles for decentralized identities
by Guest Emma Jones- 0 replies
- 0 views
Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision: Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used. During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful …