In my last post, I outlined how you can enable BitLocker with PowerShell and manage key protectors. Today, I...
Enable BitLocker with PowerShell

BitLocker is a volume encryption technology that was first introduced in Windows Vista and Windows Server 2008. Like other...
Directory Services Restore Mode: DSRM password reset, recover Active Directory

Have you ever received the following error message when you tried to sign in on a domain controller? We...
Find AD accounts with ChangePasswordAtLogon, set and enforce password change with PowerShell

Admins can prompt users to change their password at their next login. While it is easy to see the...
Configure Defender exploit protection using PowerShell and Group Policy

Under the term exploit protection, Microsoft brings together several technologies intended to protect against malware attacks. Among them are...
Enable two-factor authentication for SSH in Linux

In this article, you will learn how to enable two-factor authentication for SSH in Linux. Secure Shell (or SSH)...
Manage Defender Antivirus using Intune

Defender Antivirus is Microsoft's built-in antivirus, available in Windows 10/11 and Windows Server. You can manage this security component...
Configure attack surface reduction in Microsoft Defender using Group Policy or PowerShell

In addition to the virus scanner, Microsoft Defender offers other security functions. These include the reduction of the attack...
Exchange impersonation: Grant permissions to service accounts

Many organizations use software that needs access to users' mailboxes. In this case, it makes sense to assign the...
Data loss prevention policies (DLP) in Microsoft Teams

Data loss prevention (DLP) is a handy feature in Microsoft 365 that shields data. In the previous article, you...
Windows Defender Application Control (WDAC): Secure Windows 10 / 11 against malicious apps and rogue drivers with recommended WDAC block rules

Windows Defender Application Control (WDAC) allows controlling which applications and drivers can run in Windows. Microsoft provides a recommended...
Enable AppLocker on Windows 10 Pro and Windows 11 Pro with PowerShell

In the past, AppLocker was available only for Windows Enterprise and Education subscribers. In this post, I will show...
LAPS in Windows 11: Password encryption and DSRM account management

The Local Administrator Password Solution (LAPS) prevents companies from using the same password for local admin accounts on all...
What is IAM in AWS?

What is IAM in AWS? AWS IAM, on a broad level, refers to who can access what with a...
Configure DMARC for SPF and DKIM

Domain-based Message Authentication Reporting and Conformance (DMARC) is a validation system that ties both SPF and DKIM together to...
DKIM vs. SPF

In my last post, I explained how to configure DKIM. Today, I will cover the difference between DKIM and...
Secure email and privacy in the cloud with Proton for Business

Proton for Business provides secure email for the cloud with support for calendaring, file storage, and VPN services focused...
How to configure DKIM

In my previous post, you learned about the sender policy framework (SPF) and its importance in your domain. In...
How to create an SPF Record: Prevent email spoofing

The Sender Policy Framework (SPF) is a technique that prevents email spoofing. In this article, you will learn the...
Setting up Microsoft Defender for Business with a simplified configuration

One of the problems with enterprise security is that it has typically been challenging to configure. However, Microsoft Defender...