All news with #microsoft tag
Thu, November 20, 2025
Turn Windows 11 Migration into a Security Opportunity
🔒 Organizations should treat the Windows 11 migration as a strategic security opportunity rather than a routine OS update. While some users resist moving from Windows 10 or explore alternatives like Linux or legacy releases, those choices can introduce operational headaches and security gaps, especially as Microsoft phases out support. Use the transition to validate backups, recovery objectives, and patch posture to reduce exposure to attacks on unpatched vulnerabilities, which increasingly target MSPs and their clients.
Thu, November 20, 2025
AWS Offers Microsoft SQL Server 2025 License-Included AMIs
🚀 Amazon EC2 now provides License-Included (LI) AMIs for Microsoft SQL Server 2025, enabling fast deployment of the latest SQL Server release on Windows EC2 instances. These managed images are created and maintained by AWS and default to TLS 1.3 for improved security and performance. AMIs include preinstalled management tools such as AWS Tools for Windows PowerShell, AWS Systems Manager, and AWS CloudFormation, plus network and storage drivers. The images are available in all commercial AWS Regions and AWS GovCloud (US), simplifying provisioning and lifecycle management for enterprise workloads.
Thu, November 20, 2025
Attack Surface Management: 12 Tools to Harden Perimeter
🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. It concludes with seven practical questions to evaluate ASM needs, automation, remediation paths, and pricing models.
Wed, November 19, 2025
Sneaky2FA PhaaS Adds Browser-in-the-Browser Deception
🔒 Sneaky2FA has integrated a Browser-in-the-Browser (BitB) pop-up that impersonates Microsoft sign-in windows and adapts to the victim’s OS and browser. Used alongside its existing SVG-based and attacker-in-the-middle (AitM) proxying, the BitB layer renders a fake URL bar and loads a reverse-proxy Microsoft login to capture credentials and active session tokens, enabling access even when 2FA is active. The kit also employs heavy obfuscation and conditional loading to evade analysis.
Tue, November 18, 2025
Thunderbird Gains Native Microsoft Exchange Support
📧 Thunderbird 145 introduces built-in support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol, eliminating the need for third-party add-ons in Exchange-hosted environments. The client auto-detects account settings and uses Microsoft’s OAuth2 for authorization to simplify migration from Outlook. Initial capabilities, available for Microsoft 365 domains with standard OAuth2 and for on-premises Exchange using basic password authentication, include full folder listings, message synchronization, message operations (view, send, reply, forward, move, copy, delete), attachment handling, subject/body search, and quick filtering. The Thunderbird team says additional features such as calendar syncing, address book support, Microsoft Graph integration and expanded authentication options (NTLM, tenant-specific OAuth2) are planned but not yet available.
Tue, November 18, 2025
Windows 11 Introduces Cloud Rebuild and PITR Recovery
☁️ Microsoft unveiled two Windows 11 recovery capabilities — Point-in-Time Restore (PITR) and Cloud Rebuild — designed to reduce downtime and simplify device recovery. PITR builds on System Restore by capturing full system snapshots, enabling admins and users to roll a device back to a known-good state, including local files and applications. Cloud Rebuild allows remote reinstallation through Intune, leveraging Autopilot, OneDrive, and Windows Backup for Organizations to restore settings and data.
Tue, November 18, 2025
Sneaky 2FA Kit Adds BitB Pop-ups That Mimic Address Bar
🔒 Push Security says the Sneaky 2FA Phishing-as-a-Service kit now leverages Browser-in-the-Browser (BitB) pop-ups to impersonate Microsoft login pages and conceal malicious URLs. Victims first pass a Cloudflare Turnstile bot check before a fake "Sign in with Microsoft" flow is loaded in an embedded BitB window that exfiltrates credentials and session data. The campaign pairs conditional loading, developer‑tool blocking, obfuscation, and rapid domain rotation; organizations should tighten conditional access and users should avoid unknown links and browser extensions.
Tue, November 18, 2025
Microsoft to Natively Integrate Sysmon in Windows 11
🛡️ Microsoft will integrate Sysmon natively into Windows 11 and Windows Server 2025, removing the need to deploy the standalone Sysinternals tool. The built-in functionality will preserve Sysmon’s capabilities, including support for custom configuration files and advanced event filtering, and will log events to the Windows Event Log. Administrators can enable it via Optional Features or run sysmon -i (or sysmon -i <config> to load a custom configuration), and updates will be delivered through Windows Update to simplify management and improve coverage in large environments.
Tue, November 18, 2025
Microsoft Teams adds false-positive threat report option
🔔 Microsoft is adding a user-driven false-positive reporting capability to Microsoft Teams, allowing users to flag chat or channel messages they believe were incorrectly marked as security threats. The feature began a targeted rollout in September and is scheduled to reach general availability worldwide by the end of November 2025. It will be available to organizations using Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR, and accessible on desktop, mobile, and web. Administrators can enable or disable the feature from the Teams admin center or the Microsoft Defender portal.
Tue, November 18, 2025
Azure Introduces Copilot Agents and AI Infrastructure
🚀 At Microsoft Ignite 2025, Microsoft unveiled a suite of Azure infrastructure and AI operational innovations built for scale, reliability, and security. Azure Copilot introduces an agentic operations model with six specialized agents—migration, deployment, optimization, observability, resiliency, and troubleshooting—designed to automate routine cloud management while enforcing RBAC and policy. The release also highlights new AI datacenter architecture (Fairwater), deployment of NVIDIA GB300 GPUs at scale, and platform improvements like Azure Boost and AKS Automatic to accelerate performance and reduce operational overhead.
Tue, November 18, 2025
Security Copilot Agents Included with Microsoft 365 E5
🛡️ Microsoft is including Security Copilot agents in Microsoft 365 E5, embedding AI-driven assistants across Defender, Entra, Intune, and Purview to accelerate investigations and automate routine tasks. The rollout begins today for existing Security Copilot customers on E5 and will expand to all E5 tenants in the coming months with a 30-day notification. The announcement adds 12 Microsoft-built preview agents, 30+ partner agents, and support for customer-built agents to tailor workflows.
Tue, November 18, 2025
Azure Ignite 2025: Azure's Agentic AI and Data Innovations
🚀 At Microsoft Ignite 2025, Azure introduced a coordinated set of agentic and data-first capabilities to accelerate enterprise AI adoption. Announcements include Microsoft Agent Factory (available), previews of Fabric IQ and Foundry IQ, expanded Foundry model choices (Anthropic, Cohere), and new database offerings like Azure HorizonDB and Azure DocumentDB. The updates emphasize unified data, model choice, and integrated security to simplify building, running, and governing AI agents at scale.
Tue, November 18, 2025
Ambient and Autonomous Security for the Agentic Era
🛡️ At Microsoft Ignite 2025, Microsoft set out an ambient, autonomous security approach for the emerging agentic era and announced a suite of tools to observe, secure, and govern AI agents and apps. The centerpiece is Microsoft Agent 365, a control plane providing an Entra-based registry, access controls, visualization, and integrations with Defender, Entra, and Purview to detect prompt-injection, prevent leakage, and enable auditing. Microsoft also expanded platform protections, enhanced Copilot data controls in Purview, and positioned Microsoft Sentinel and Security Copilot as agentic security pillars for detection and response.
Tue, November 18, 2025
Microsoft Foundry: Modular, Interoperable Secure Agent Stack
🔧 Microsoft today expanded Foundry, its platform for building production AI apps and agents, with new models, developer tools, and governance controls. Key updates include broader model access (Anthropic, Cohere, NVIDIA), a generally available model router, and public previews for Foundry IQ, Agent Service features (hosted agents, memory, multi-agent workflows), and the Foundry Control Plane. Foundry Tools and Foundry Local bring real-time connectors and edge inference, while Managed Instance on Azure App Service eases .NET cloud migrations.
Tue, November 18, 2025
Microsoft Databases and Fabric: Unified AI Data Estate
🧠 Microsoft details a broad expansion of its database portfolio and deeper integration with Microsoft Fabric to simplify data architectures and accelerate AI. Key launches include general availability of SQL Server 2025, GA of Azure DocumentDB (MongoDB-compatible), the preview of Azure HorizonDB, and Fabric-hosted SaaS databases for SQL and Cosmos DB. OneLake mirroring, Fabric IQ semantic modeling, expanded agent capabilities, and partner integrations (SAP, Salesforce, Databricks, Snowflake, dbt) are positioned to deliver zero-ETL analytics and operational AI at scale.
Tue, November 18, 2025
Prisma AIRS Integration with Azure AI Foundry for Security
🔒 Palo Alto Networks announced that Prisma AIRS now integrates natively with Azure AI Foundry, enabling direct prompt and response scanning through the Prisma AIRS AI Runtime Security API. The integration provides real-time, model-agnostic threat detection for prompt injection, sensitive data leakage, malicious code and URLs, and toxic outputs, and supports custom topic filters. By embedding security into AI development workflows, teams gain production-grade protections without slowing innovation; the feature is available now via an early access program.
Tue, November 18, 2025
Anthropic Claude Models Available in Microsoft Foundry
🚀 Microsoft announced integration of Anthropic's Claude models into Microsoft Foundry, making Azure the only cloud to provide both Claude and GPT frontier models on a single platform. The release brings Claude Haiku 4.5, Sonnet 4.5, and Opus 4.1 to Foundry with enterprise governance, observability, and deployment controls. Foundry Agent Service, the Model Context Protocol, skills-based modularity, and a model router are highlighted as tools to operationalize agentic workflows for coding, research, cybersecurity, and business automation. Token-based pricing tiers for the Claude models are published for standard deployments.
Tue, November 18, 2025
Microsoft Mitigates 15.72 Tbps IoT-Driven DDoS Attack
🛡 Microsoft automatically detected and mitigated a massive DDoS attack that peaked at 15.72 Tbps and roughly 3.64 billion packets per second against a single Australian endpoint. The traffic was attributed to a TurboMirai-class IoT botnet called AISURU, sourced from hundreds of thousands of compromised routers, cameras, and DVRs and launched from over 500,000 source IPs across multiple regions. Attackers used high-rate UDP floods with minimal source spoofing and random source ports, factors Microsoft said helped simplify traceback and provider enforcement. The incident underscores rising DDoS baselines as broadband speeds increase and IoT devices become more capable.
Tue, November 18, 2025
Microsoft fixes Windows 10 ESU update installation error
🔧 Microsoft acknowledged that the November Patch Tuesday update KB5068781 for Windows 10 (builds 19044.6575 and 19045.6575) could fail to install on commercial devices activated via Windows subscription activation through the Microsoft 365 admin center, producing error 0x800f0922. On Nov. 17 Microsoft issued a preparation package, KB5072653, to resolve the problem and allow deployment of the November security update. Administrators should verify the latest servicing stack update, run the Windows Update Troubleshooter, and, if needed, install the .msu manually via wusa.exe.
Tue, November 18, 2025
Windows 10 KB5072653 OOB Update Fixes ESU Install Errors
🛠️ Microsoft released the out-of-band update KB5072653 to address installation failures affecting the November Extended Security Update for Windows 10. The preparation package resolves 0x800f0922 (CBS_E_INSTALLERS_FAILED) errors and requires devices to run Windows 10 22H2 with the October cumulative update KB5066791. KB5072653 will be offered automatically via Windows Update; after installing and restarting, administrators should rerun Windows Update to deploy the November ESU update (KB5068781). Microsoft will also publish updated Scan Cab metadata for WSUS/SCCM customers who rely on cab files for compliance checks.