Incident response
Incident response is the process of detecting, investigating, and responding to cyberattacks, security breaches, or IT incidents. Explore the latest trends and intelligence-driven strategies that help you prevent future attacks.
This blog discusses DART’s investigation techniques and approach to responding to password spray attacks while outlining recommendations for protecting against them.
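The sign-in pattern that the password spray post above investigates is one source address trying many accounts a few times each, rather than one account many times. The detector below is an added example, not code from the post or from DART: it runs that test over constructed sign-in records and, for each flagged address, lists the accounts that later signed in successfully from it, which is the first containment list a responder wants. AADSTS50126 is Azure AD's actual result code for an invalid username or password; the CSV layout, the thresholds and the sample data are assumptions made for this example.

```python
"""Password-spray detector over sign-in records (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# AADSTS50126 is the Azure AD result code for "invalid username or password".
# The CSV layout, thresholds and sample records below are assumptions made for
# this example; a real sign-in export carries many more fields.
FAILED_PASSWORD = "50126"
SUCCESS = "0"

# Constructed sign-in log: timestamp,userPrincipalName,sourceIp,resultCode
SAMPLE_LOG = [
    # 12 accounts, one guess each, from one source address in ~11 minutes: a spray
    *[f"2021-01-20T02:{i:02d}:00,user{i:02d}@contoso.com,203.0.113.7,{FAILED_PASSWORD}"
      for i in range(12)],
    # the guess that worked, 30 minutes later, from the same address
    f"2021-01-20T02:40:00,user07@contoso.com,203.0.113.7,{SUCCESS}",
    # one person mistyping a password five times and then getting it right: not a spray
    *[f"2021-01-20T09:0{i}:00,alice@contoso.com,198.51.100.5,{FAILED_PASSWORD}"
      for i in range(5)],
    f"2021-01-20T09:06:00,alice@contoso.com,198.51.100.5,{SUCCESS}",
]


def parse(line):
    """Split one record into (timestamp, user, source_ip, result_code)."""
    ts, user, ip, code = line.strip().split(",")
    return datetime.fromisoformat(ts), user.lower(), ip, code


def detect_spray(lines, window=timedelta(minutes=60), min_users=10, max_per_user=3):
    """Flag each source IP that, inside `window`, failed against at least
    `min_users` distinct accounts while trying no account more than
    `max_per_user` times: many accounts, few guesses each, which is the
    shape of a spray (a brute force against one account looks the opposite).
    Each finding also lists accounts that later signed in successfully from
    that IP; those are the ones to treat as compromised during response."""
    events = sorted((parse(line) for line in lines), key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e[3] == FAILED_PASSWORD]
        start = 0
        for end in range(len(failures)):
            # slide the window so failures[start:end+1] spans at most `window`
            while failures[end][0] - failures[start][0] > window:
                start += 1
            attempts = defaultdict(int)
            for _, user, _, _ in failures[start:end + 1]:
                attempts[user] += 1
            if len(attempts) >= min_users and max(attempts.values()) <= max_per_user:
                spray_start = failures[start][0]
                findings.append({
                    "ip": ip,
                    "first_seen": spray_start.isoformat(),
                    "accounts_targeted": len({u for _, u, _, _ in failures}),
                    "likely_compromised": sorted(
                        {u for t, u, _, c in evs if c == SUCCESS and t >= spray_start}),
                })
                break  # one finding per source address is enough
    return findings


if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_LOG):
        print(finding)
```

On the sample data the detector flags 203.0.113.7 with 12 accounts targeted and user07@contoso.com as the account to reset and sign out, and leaves alice alone because her five failures hit a single account. The window length matters: sprays are often deliberately slow, and with a five-minute window the same data is not flagged because only six accounts fall inside any five-minute span, so an hour-scale window is usually paired with a longer daily one.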
A guide to combatting human-operated ransomware: Part 2
In this post, we tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.

A guide to combatting human-operated ransomware: Part 1
As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.

Microsoft open sources CodeQL queries used to hunt for Solorigate activity
We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate, so that other organizations may perform a similar analysis.

Web shell attacks continue to rise
A year ago, we reported the steady increase in the use of web shells in attacks worldwide.

Advice for incident responders on recovery from systemic identity compromises
Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate.

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack.

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture
This blog post explains Microsoft’s security defaults and Secure Score, two features that are easy to use and can significantly improve the security of Azure AD and Office 365 configurations.

Empower your analysts to reduce burnout in your security operations center
Strategic use of automation and metrics can help you create a continuous learning culture that keeps your team engaged in the work.

Hello open source security! Managing risk with software composition analysis
Software composition analysis guides the selection and management of open source components to help you reduce your security risk.

How to gain 24/7 detection and response coverage with Microsoft Defender ATP
Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.

CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and the impact of COVID-19 on the SOC.