Have you completed our BlueHat conference planning survey?

If not, please do so. It only takes a few minutes and will help us ensure we’re creating an event that best meets the needs of the security research community.  Thank you!

(Visit the Bluehat site on Microsoft’s web site at

Posted by: kurtsh | October 2, 2022

INFO: Diagnosing high Microsoft Defender CPU utilization

Have you ever seen your CPU fan spin up to 100% and, looking at Task Manager, found high CPU usage by Microsoft Defender (msmpeng.exe), yet when you open Defender it isn’t running a full scan? Here’s how to find out what is triggering the scans:

  1. Run:
    New-MpPerformanceRecording -RecordTo c:\1.etl
  2. Let the recording run for a bit, then stop it.
  3. Run:
    Get-MpPerformanceReport c:\1.etl -TopProcesses 100
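Wrapping the three steps above into one function, as an added example that is not from the original post or from SwiftOnSecurity: it records Defender scan activity for a fixed window and flags processes that account for a disproportionate share of on-access scans. Assumptions not stated in the post: the performance analyzer cmdlets are present with Defender, the prompt is elevated, New-MpPerformanceRecording accepts -Seconds, and the report’s TopProcesses entries expose ProcessPath, Count and TotalDuration.

```powershell
# Added example (not the post's own code). Records Defender scan activity for a
# fixed window, then reports which processes caused the scans.
# Assumed (see lead-in): elevated prompt, -Seconds supported, and TopProcesses
# entries with ProcessPath / Count / TotalDuration properties.
function Get-DefenderScanHotspots {
    param(
        [string]$RecordTo  = 'C:\Temp\DefenderPerf.etl',  # example trace path
        [int]$Seconds      = 120,                          # capture window
        [int]$Top          = 20,                           # processes to report
        [double]$FlagShare = 0.25                          # flag > 25% of all scans
    )

    New-Item -ItemType Directory -Path (Split-Path $RecordTo) -Force | Out-Null

    # Steps 1-2 of the post: record. -Seconds stops the capture automatically
    # instead of waiting for an interactive keypress.
    New-MpPerformanceRecording -RecordTo $RecordTo -Seconds $Seconds

    # Step 3 of the post: which processes triggered the scans.
    $report = Get-MpPerformanceReport -Path $RecordTo -TopProcesses $Top
    $procs  = @($report.TopProcesses)
    $total  = ($procs | Measure-Object -Property Count -Sum).Sum

    foreach ($p in $procs) {
        $share = if ($total) { $p.Count / $total } else { 0 }
        [pscustomobject]@{
            ProcessPath     = $p.ProcessPath
            ScanCount       = $p.Count
            TotalDuration   = $p.TotalDuration
            ShareOfScans    = [math]::Round($share, 3)
            # One process dominating an idle baseline is the "spurious activity"
            # pattern the post describes (a tool touching every EXE on disk).
            # Investigate the process before considering any exclusion.
            ReviewCandidate = ($share -ge $FlagShare)
        }
    }
}

# Usage: capture an idle baseline first, then compare it with a busy capture.
Get-DefenderScanHotspots -Seconds 120 |
    Sort-Object ScanCount -Descending |
    Format-Table -AutoSize
```

On Defender platform versions whose New-MpPerformanceRecording lacks -Seconds, drop that argument and stop the recording manually as in step 2.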

I saw this technique posted by SwiftOnSecurity and he/she discovered that “Dell SupportAssist was poking all EXE files on the drive, triggering on-access scans” by Defender.

SwiftOnSecurity recommended reading the training module, “Performance Analyzer for Microsoft Defender Antivirus” for all Microsoft Defender administrators – including plain Microsoft Defender Antivirus, as well as Microsoft Defender for Endpoint.

Quote: “You should baseline your machines at idle and see what is causing spurious activity you haven’t tuned for.”

Posted by: kurtsh | September 19, 2022

INFO: 5 Tips & Tricks for Using Microsoft OneNote

Microsoft OneNote, the best cloud-enabled notetaking solution, is still available completely free for Windows (32 or 64), Mac, iOS, Android & Web. It syncs to OneDrive for central backup & is highly extensible. An absolutely critical tool in my arsenal.

Assuming you already have OneNote installed and in use, let’s go over a few cool tools & tricks to have up your sleeve to become a Power User.

OneNote is also supported by a great ecosystem of utilities, add-ins & tools.  Here’s one of my favorite companies that make 3rd party add-ins – OneNoteGem. They make a number of killer add-ins for OneNote including:

Another great tool is OneTastic – a programmable macro tool for OneNote.  Imagine automating keystrokes & menu clicks for quick execution of repetitive tasks in OneNote:  That’s OneTastic.  And they have a massive library of macros called Macroland – pre-created for you to use.

OneTastic has the main tool for a subscription fee and they also make available OneCalendar, a FREE tool to help you see all the OneNote pages you’ve edited over the past month.

Something some folks don’t know is you can create workflows & automations that trigger on OneNote activity using Microsoft Power Automate. Here’s some flow samples & documentation:

OneNote is great for IT Professionals, students/teachers, project managers, lawyers & legal staff, administrative professionals, creative writers & content developers.  Here’s some of the many articles written on using OneNote in various capacities:

For those of you that depend on OneNote like I do – but write too many pages and lose track of where all those pages are, this is a tool I use that lists out all the OneNote pages that you wrote/edited over the past month in a calendar view.

The tool is for Windows, completely free and can be pinned to your Taskbar for quick access.  You can:

  • Configure the font size to fit lots of notes in a single day
  • Configure the display to show pages on the created date, the last modified date or both
  • Show OneNote page previews when you hover over the title of a note
  • Select which notebooks to display

Download the tool here:

I guess I forgot to post this a year ago to this blog.  Shame on me. 

Dave Weston, Microsoft Vice President of Enterprise OS Security & noted “Hacker-in-Chief” at Microsoft, did a demo where he demonstrated how Windows 10 (and prior Windows releases) can be compromised either remotely or with physical access… and how Windows 11 protects against such attacks.

Stay ahead of external and internal threats — and balance performance, reliability, and security with Windows 11. Dave Weston, Windows security expert, joins Jeremy Chapman to share the rationale behind hardware requirements and how they provide significantly more protection against today’s most sophisticated malware and attacks.

Cyber attacks are at an all time high. Many of the optional or high-end security controls from Windows 10 are now on by default and required on new machines with Windows 11. The Zero Trust security model is baked into Windows 11, from the silicon on the board itself, to the actual boot process, your login as a user, and the apps you use in your Windows session every day.

  • See the sites that hackers use, and find out if your organization is exposed.
  • Protect Windows from remote and in-person attacks with Virtualization-based Security.
  • UEFI, Secure Boot and Trusted Boot stop rootkits or bootkits.
  • Secure encryption keys, user credentials, and sensitive data behind a hardware barrier. Windows 11 requires TPM 2.0 on new installs by default.

Watch the video here:

Posted by: kurtsh | September 16, 2022

INFO: Cloud-based Development Environments from Microsoft

Here’s 4 solutions we provide that address the needs of Windows users & Developers that want configurable, remotely-accessible Windows 10/11 workstations hosted in the cloud.

  1. Azure Virtual Desktop
    Microsoft’s Enterprise cloud-hosted VDI offering.  A fully IT-managed Virtual Desktop Infrastructure platform with complete configurability for OS, software & hardware. Optionally available for integration with 3rd party tools including Citrix XenDesktop, VMware Horizon, and other historically on-prem 3rd party VDI solutions.  Costs are determined based on monthly usage & configuration.  The original Microsoft hosted desktop offering and the one with the greatest maturity & largest ecosystem.
  2. Microsoft Windows 365
    Provides a Windows 10/11 virtual machine and persists the user’s personalized apps, content, and settings—from the Microsoft cloud to any device.  Uniquely available in “t-shirt sizes” providing a flat monthly price for each subscribed VM, ranging from $31-$66/month depending on configuration – with the caveat that there is very little flexibility in hardware configuration beyond what initial VM option is chosen.  With different options available for small & medium businesses vs Enterprise-class customers, Windows 365 provides a turnkey solution for individuals and organizations looking for a balance between predictable costs as well as VM-level flexibility.
  3. Microsoft Dev Box – Virtual Machines for Developers
    Service that provides hosted Windows hardware & software tailored to development work. Enables quick provisioning of standard tools & platform software for developers in a hosted environment.  Leverages Windows 365 as the backend.  Full hosted Windows VM – full control over the hosted environment to install applications like SQL Server.  Works with any IDE and any source control system that runs on Windows.  Can be managed using Intune, Endpoint Manager or the Azure portal.
    (Video overview of Dev Box is available here:
  4. Github Codespaces
    GitHub Codespaces provides cloud-powered development environments for any activity – whether it’s a long-term project, or a short-term task like reviewing a pull request. You can work with these environments from Visual Studio Code or in a browser-based editor, but Visual Studio’s IDE is not yet available.  As a fully managed environment created in the cloud, Codespaces does not enable modifications to the operating environment like Dev Box does, but it also absolves the developer of the complexity of an unmanaged environment.
    (Video overview of Github Codespaces is available here:
    Note: Visual Studio Online was renamed to Visual Studio Codespaces then subsequently merged into Github Codespaces.

Wanna take Azure classes from Microsoft’s own Deployment Engineering team?  Get ready to register for “Learn Live: FastTrack for Azure”.

Learn along with expert Azure engineers as they walk through hands-on exercises, share demos, and answer your questions to connect the dots and accelerate your Azure solution implementation. This interactive and on-demand series will cover a variety of Azure solution areas as directly requested by customers. Our engineers are eager to help you gain skills and apply them on your learning and deployment journey, including answering your questions.

Join us for this live learning experience where you will be guided by subject matter experts through the Learn modules below in real time along with developers around the globe. Earn badges, prepare for certifications and Learn Live with a great community! See you there 🙂

The following classes are scheduled & registration is first come, first served – and NO, I can’t get you in if it’s booked full, so register now!

For descriptions of each class, visit:

Posted by: kurtsh | September 10, 2022

RELEASE: Microsoft Defender Experts for Hunting

Microsoft Defender Experts for Hunting hits general availability to support organizations and their cybersecurity employees with proactive threat hunting.

Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data. Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints, Microsoft Office 365, cloud applications, and identity.

Capabilities include:

  • Threat hunting and analysis—Defender Experts look deeper to expose advanced threats and identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attacks.
  • Defender Experts Notifications—Notifications show up as incidents in Microsoft 365 Defender, helping to improve your security operations’ incident response with specific information about the scope and method of entry.
  • Experts on Demand—Click the “Ask Defender Experts” button in the Microsoft 365 Defender portal to get expert advice about threats your organization is facing. You can ask for help on a specific incident, nation-state actor, or attack vector.
  • Hunter-trained AI—Defender Experts share their learning back into the automated tools they use to improve threat discovery and prioritization.
  • Reports—An interactive report summarizing what we hunted and what we found.

Want to opt in or find out more? Check below.

The Xbox One in standby mode uses 10-15.7 watts — the most of all next-generation consoles… and it’s always consuming that power 24/7.

Enable "Energy Saving" mode to drop power usage to .4-.5 watts & save money on your electrical bill.

Read more below on how to do this & what the power consumption is for each Xbox console type:

Posted by: kurtsh | September 9, 2022

TRAINING: Azure Landing Zones

Need a short 11min video on what an “Azure Landing Zone” is and why it should be the 1st thing you do as an Azure Administrator of a new Azure subscription?

00:00 Introduction of Azure Landing Zone updates
00:49 Driving events that push you to consider the Cloud
01:42 Updates to the architecture
02:24 Modular approach that’s scalable and repeatable
03:40 Root Management Group – organize subscriptions for services
04:30 On ramps for various starting points
05:43 Land Zone Review
07:50 Build with Landing Zone Accelerator
11:08 How to get started

Watch the full video with references here:
