Fortify Your Logs: A Guide to Secure, Cross-Zone Log Aggregation in Azure with Loki

Build a secure, pull-based log pipeline that centralizes DMZ logs without punching holes through your firewall using Grafana Loki, Azure Event Hubs, and Private Link.
Adam Bertram Avatar
Adam Bertram 11 min. read

How to Fix Active Directory’s #1 Weak Point in 2026: Passwords

It's 2026. Despite years of momentum around passwordless authentication, the reality in most enterprise environments is still the same: Active Directory remains at the core of identity infrastructure, and passwords are still the primary authentication mechanism. In that context, it's important to be clear: investing in an EDR or a SIEM does not automatically eliminate the biggest identity risks. A single credential leak, whether through phishing, password spraying, reuse, or data exposure, can be enough to compromise an entire Active Directory domain. At the same time, relying solely on traditional password best practices (complexity rules, uppercase letters, special characters, etc.) is no longer sufficient. That's not surprising: attack techniques have evolved significantly, while Active Directory's native security controls around credentials and authentication have seen limited evolution over the years. In this article, we'll break down the most common attack paths and the technical limitations of Active Directory, before exploring practical mitigation strategies and solutions that can effectively address these weaknesses. Why Active Directory Remains a Prime Target To understand why Active Directory remains one of the top targets, you need to look at the role it plays in enterprise environments. In most organizations, on-premises Active Directory is still the authoritative source of truth for authentication and access control. This remains true even in many hybrid setups, where Microsoft Entra ID (formerly Azure AD) handles cloud identities while AD continues to anchor the core identity layer. On a day-to-day basis, Active Directory is heavily involved in critical workflows: Kerberos authentication, access to file servers, RDP logons to servers, VPN authentication, and much more. In many cases, AD also extends into the cloud through Microsoft Entra Connect, synchronizing user objects, and often password hashes, to support hybrid identity scenarios. As a result, compromising Active Directory effectively means gaining control over the entire identity backbone: the "keys to the kingdom." That alone explains why AD remains a priority target wherever it is deployed.
Adam Bertram Avatar
Adam Bertram 8 min. read

How to Automate Azure VM Patching with Update Manager

Learn how Azure Update Manager automates patching across Azure VMs using native extensions, periodic assessment, and custom maintenance windows—without Log Analytics or Automation accounts.
Adam Bertram Avatar
Adam Bertram 9 min. read

A Practical Guide to Hosting and Managing Remote MCP Servers on Azure

Learn how to deploy MCP servers on Azure Container Apps, App Service, and Functions with proper authentication, SSE configuration, and production-ready infrastructure.
Adam Bertram Avatar
Adam Bertram 11 min. read

Effortless Spark: A Beginner\’s Guide to Serverless Workspaces in Azure Databricks

Learn how Azure Databricks serverless workspaces eliminate infrastructure complexity. This beginner's guide covers setup, costs, limitations, and when to use serverless vs traditional deployments.
Adam Bertram Avatar
Adam Bertram 6 min. read

EasyEntra: A Look at Hybrid User Management with Virtual Templates

EasyEntra consolidates Active Directory and Entra ID management into a single interface. This hands-on review explores Virtual User Templates—a feature that standardizes user provisioning across hybrid environments.
Adam Bertram Avatar
Adam Bertram 4 min. read

Outsmart Attackers: A Guide to Advanced Ransomware Protection with Azure NetApp Files

Learn how to configure advanced ransomware protection in Azure NetApp Files using ML-based detection to catch attacks before they destroy your data.
Adam Bertram Avatar
Adam Bertram 7 min. read

Active Directory: Add MFA to Windows with Specops Secure Access

Learn how to deploy Specops Secure Access to add multi-factor authentication (MFA) to Windows logins and Remote Desktop connections in Active Directory environments.
Adam Bertram Avatar
Adam Bertram 7 min. read

Automating Docker Container Health Checks with Python and Local Notifications

Docker's built-in health checks are passive—they tell Docker when a container fails, but do they tell you? In this tutorial, we'll build a lightweight Python monitoring system that runs entirely on your infrastructure with zero external dependencies. You'll learn to detect container failures in real-time, send instant alerts, and maintain a complete audit log of every state change.
Adam Bertram Avatar
Adam Bertram 19 min. read

How to Block Known Bad Active Directory Passwords

In this article, we will explore why and how to block the use of certain passwords for Active Directory user accounts. In an Active Directory environment, password security is a critical factor in protecting user accounts against cyberattacks. However, even with a strict password policy in place, some users or administrators may still choose weak passwords or ones that can be easily guessed. To strengthen the security of your domain, it is possible to prevent the use of specific passwords.
Adam Bertram Avatar
Adam Bertram 8 min. read

Migrating from PowerShell 6 to 7.5: Breaking Changes/New Features

Migrate from PowerShell Core 6 to 7.5: breaking changes, features, and testing tips.
Adam Bertram Avatar
Adam Bertram 4 min. read

Boost your Active Directory Security with this Free Audit

Scan your Active Directory passwords for strength and find weaknesses with a free Specops audit.
Adam Bertram Avatar
Adam Bertram 3 min. read

Fortifying the Frontline: Protecting Helpdesks from Social Engineering

Helpdesks are prime targets for social engineering. Specops Secure Service Desk ensures only verified users gain access, stopping attackers at the source.
Adam Bertram Avatar
Adam Bertram 4 min. read

How to Use Cursor Notepads to Enforce Your Team’s Coding Standards

Learn how to make Cursor's AI generate code that automatically matches your team's style guide using persistent Notepads, eliminating manual cleanup and ensuring consistency.
Adam Bertram Avatar
Adam Bertram 4 min. read

How to Add Timeouts to Pester Tests with PowerShell Runspaces

Prevent Pester tests from hanging indefinitely using PowerShell runspaces. Learn to handle variable scoping, module loading, TestDrive access, and stream capture challenges with timeout protection.
Adam Bertram Avatar
Adam Bertram 6 min. read

PowerShell 101: Creating a Module Manifest

Maybe you've put together some great functions but struggle to make them cohesive, intuitive, or shareable. Without a way to define your module's identity and functionality, managing or scaling as your scripts evolve into robust tools can be a headache. Not unless you have a module manifest in place.
Adam Bertram Avatar
Adam Bertram 5 min. read

Refactoring with AI: Why “Fix Everything” Is a Terrible Prompt

Transform your AI coding workflow: Learn why asking AI to 'fix everything' fails spectacularly and discover my battle-tested, step-by-step framework for effective AI refactoring that turns chaotic code into clean architecture—without breaking your app.
Adam Bertram Avatar
Adam Bertram 5 min. read

When a Script is Worth a Thousand AI Prompts

When traditional scripts outshine AI: a developer's journey back to automation basics.
Adam Bertram Avatar
Adam Bertram 8 min. read