Infrastructure + Security: Noteworthy News (July, 2018)





Hi there! Stanislav Belov is here with the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure
Azure DDoS Protection for virtual networks generally available
Distributed Denial of Service (DDoS) attacks are intended to disrupt a service by exhausting its resources (e.g., bandwidth, memory). DDoS attacks are one of the top availability and security concerns voiced by customers moving their applications to the cloud. With extortion and hacktivism being the common motivations behind DDoS attacks, they have been consistently increasing in type, scale, and frequency of occurrence as they are relatively easy and cheap to launch. Azure DDoS Protection Standard service is now available in all public cloud regions. This service is integrated with Azure Virtual Networks (VNet) and provides protection and defense for Azure resources against the impacts of DDoS attacks.
Eight Essentials for Hybrid Identity: #3 Securing your identity infrastructure
The volume of these current threats shows a significant rise, and new threats are emerging as well centered around IoT (Internet of Things), privacy, and consent. While we fight the good fight to ward off threats in your cloud infrastructure, we’d also like to recommend steps that you can take that could immediately protect your hybrid infrastructure. But before we can even start, ensure all your privileged Azure AD roles are protected with multi-factor authentication. Recently Microsoft released a baseline protection policy providing a one-click experience to protect privileged Azure AD roles.
Azure AD Password Protection and Smart Lockout are now in Public Preview!
Many of you know that unfortunately, all it takes is one weak password for a hacker to get access to your corporate resources. Hackers can often guess passwords because regular users are pretty predictable. Regular users create easy to remember passwords, and they reuse the same passwords or closely related ones over and over again. Hackers use brute force techniques like password spray attacks to discover and compromise accounts with common passwords, an attack pattern we told you about back in March.
Announcing public preview of Azure Virtual WAN and Azure Firewall
To help customers with these massive modernization efforts, we are announcing Azure Virtual WAN to simplify large-scale branch connectivity, and Azure Firewall to enforce your network security policies while taking advantage of the scale and simplicity provided by the cloud.
Microsoft Azure launches tamper-proof Azure Immutable Blob Storage for financial services
Azure Immutable Blob Storage is now in public preview – enabling financial institutions to store and retain data in a non-erasable and non-rewritable format – and at no additional cost. Azure Immutable Blob Storage meets the relevant storage requirements of three key financial industry regulations: the CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4. Financial services customers, representing one of the most heavily regulated industries in the world, are subject to complex requirements like the retention of financial transactions and related communication in a non-erasable and non-modifiable state. These strict requirements help to provide effective legal and forensic surveillance of market conduct.
Windows Server
Remote Desktop web client now generally available

On July 16th we announced the general availability of the Remote Desktop web client for Windows Server 2016 and Windows Server 2019 Preview. With a few simple PowerShell cmdlets, the client can be added to an existing Remote Desktop Services deployment, side by side with the RDWeb role.

Server Core and Server with Desktop: Which one is best for you

On March 20, 2018 we announced the availability of Windows Server 2019 preview, the next Long-Term Servicing Channel (LTSC) release in the Windows Insider program. Seven weeks later, we released Windows Server, version 1803, the latest release in the Semi-Annual Channel. The Semi-Annual Channel primarily focuses on rapid application development. New cloud-born applications or migrated (“lift-and-shift”) traditional applications benefit significantly from the isolation, predictability, and orchestration offered by containers. Of course, container orchestrators are also cloud-based, which means that there is very little need to run an interactive desktop on the host operating system in these scenarios, so we’ve only included the Server Core installation option in the Semi-Annual Channel. Now that we’re about to release on both channels, and that we’re including the Server with Desktop Experience on only one of the channels, it’s a good time to talk about Server Core versus Server with Desktop Experience.

Introducing the Windows Server Storage Migration Service

The Storage Migration Service is a new feature of Windows Server 2019 Preview which helps you migrate servers and their data without reconfiguring applications or users.

Windows Client
Windows 10 quality updates explained & the end of delta updates

With Windows 10, quality updates are cumulative. Installing the most recent update ensures that you receive any previous updates you may have missed. We used a cumulative update model to reduce ecosystem fragmentation, and to make it easier for IT admins and end users to stay up to date and secure. However, cumulative updates can prove challenging when it comes to the size of the update and the impact that size can have on your organization’s valuable network bandwidth.

Windows Autopilot: What’s new and what’s next

With Windows 10, we are focused on delivering a simpler, more powerful and intelligent IT experience by deepening integration across Microsoft’s products, creating a unified Microsoft 365 solution. Windows Autopilot simplifies the deployment of new Windows 10 devices in your organization by eliminating the need for IT to create, maintain and apply custom images, dramatically reducing the cost and complexity involved with custom imaging. You can now deliver new Windows 10 devices directly to your users without IT having to touch the device. With just a few simple clicks, your users can get up and running. With Windows Autopilot, the experience of deploying new Windows 10 devices is simple for end users and zero touch for IT—seamlessly integrated across Windows 10, Microsoft Intune, and Azure AD.

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Hawkeye Keylogger is an info-stealing malware that’s being sold as malware-as-a-service. Over the years, the malware authors behind Hawkeye have improved the malware service, adding new capabilities and techniques. It was last used in a high-volume campaign in 2016.

Application whitelisting with “AaronLocker”
AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance.
Microsoft Teams: Protecting against advanced threats
Office 365 Advanced Threat Protection (ATP) can help to safeguard your organization from this threat by “detonating” (executing) files uploaded to Microsoft Teams (specifically the SharePoint/Office 365 Group on the back-end) to validate that each is a legitimate file and contains no malicious code that can do harm. This feature comes with Microsoft 365 E5 and Office 365 E5, or is available as an add-on to an existing Office 365 subscription.
Vulnerabilities and Updates
July 2018 servicing release for Microsoft Desktop Optimization Pack

The July 2018 MDOP servicing release is available for download. This release contains a hotfix package for MBAM 2.5 SP1 which fixes several issues and adds support for SQL Server 2017.

Support Lifecycle
4 month retirement notice: Access Control Service
The Access Control Service, otherwise known as ACS, is officially being retired. ACS will remain available for existing customers until November 7, 2018. After this date, ACS will be shut down, causing all requests to the service to fail.
Announcing new options for SQL Server 2008 and Windows Server 2008 End of Support

It’s incredible how much and how rapidly technology evolves. Microsoft’s server technology is no exception. We entered the 2008 release cycle with a shift from 32-bit to 64-bit computing, the early days of server virtualization and advanced analytics. Fast forward a decade, and we find ourselves in a full-blown era of hybrid cloud computing with exciting innovation in data, artificial intelligence, and more.

Microsoft Premier Support News
We are happy to announce the release of Azure Active Directory Assessment. The purpose of this three-day Azure Active Directory (Azure AD) assessment is to provide you with a recommendation report and plan of action to improve your Azure AD environment based on best practices and expert knowledge. The assessment provides a detailed gap-analysis report on the status of Azure Active Directory capabilities and guidance on how to use them, with the aim of accelerating the value of Microsoft Azure AD to the business and improving consumption and productivity.
Check out the Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.