Infrastructure + Security: Noteworthy News (September, 2017)

Hi there! Stanislav Belov here to bring you the September edition of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis. Enjoy! Microsoft Azure Backup and disaster recovery… Read more

Securing Privileged Access for the AD Admin – Part 2

Hello everyone, my name is still David Loder, and I’m still PFE out of Detroit, Michigan. Hopefully you’ve read Securing Privileged Access for the AD Admin – Part 1. If not, go ahead. We’ll wait for you. Now that you’ve started implementing the roadmap, and you’re reading this with your normal user account (which no… Read more

Securing Privileged Access for the AD Admin – Part 1

Hello again, my name is still David Loder, and I’m still a PFE out of Detroit, Michigan. I have a new confession to make. I like cat videos. Your end users like cat videos. You may like cat videos yourself. Microsoft will even help you find cat videos. Unfortunately, cat videos may have it out… Read more

Replication Hurricanes: Why Restricted Groups are a No-Go for Domain Based Groups

Hi everyone! My name is Tim Medina, Premier Field Engineer, and today we are going to take a brief look at GPOs with a focus on restricted groups. More importantly, we will discuss how, if used in an unsupported manner, you can cause your very own replication hurricane. But, before we get into that let’s… Read more

Securing RDP with IPSec

Hi Everyone, this is Jerry Devore back with a follow-up topic from my previous post on Privileged Administrative Workstations (PAW) which is a hardened device configuration used to protect privileged credentials. In that post, I mentioned that it is possible to use IPsec to ensure an admin can only make a RDP connection to Tier… Read more

Securing Credentials for Privileged Access

  Hello, Paul Bergson back again. I have been on the road a bit more than normal doing security training/POC deliveries (POP-SLAM *1) for our customers related to Pass-the-Hash and credential protection. I have noticed an alarming trend in how credential protection is thought to resolve a customer’s credentials from being compromised. Enterprises that are… Read more

AskPFEPlat Ask Me Anything-September 2016

UPDATE (9/26/2016 @ 10:45a ET): Thank you all for your participation in this AskPFEPlat Ask Me Anything Q&A blog session! We are ending active questioning at this time. Rest assured, if you have asked us questions and have not yet gotten a response, we are still working on it. Additionally, we would like to request feedback on… Read more

AppLocker – Another Layer in the Defense in Depth Against Malware

Hello, Paul Bergson here with a discussion on Security in particular utilizing Microsoft’s AppLocker to help prevent the infection of Malware. Ransomware has been getting a lot of attention. There have been several high profile attacks in the press over the past few months and Understanding the Risk is important. If people don’t understand the… Read more

Preparing for DAC

Hello everyone. This is Randy Turner to share some insights learned with implementing Dynamic Access Control (DAC.) There are numerous posts which I will share at the end to discuss the steps to implement all the features covered by DAC, but very little on how to adopt these changes. DAC is just an outcome from… Read more

The Importance of KB2871997 and KB2928120 for Credential Protection

Hello, my name is Paul Bergson and this is my first time writing a blog for AskPFEPlat. I am a platforms PFE in the Premier division of Microsoft. If my name looks familiar, it could be because I spent about 10 years in TechNet’s Directory Service Forum as an MVP and Moderator (pbbergs). I wanted… Read more