< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 18 of 42

Microsoft Entra Adds Phishing-Resistant Passkeys on Windows

🔐 Microsoft is introducing passkey support in Microsoft Entra for Windows, enabling phishing-resistant, passwordless sign-ins via Windows Hello. The opt-in feature enters public preview worldwide from mid‑March through late April 2026, with government clouds (GCC, GCC High, DoD) following mid‑April through mid‑May. Passkeys are device-bound, stored in the Windows Hello container, and never transmitted over the network, preventing credential theft and MFA bypass. IT administrators must enable the Passkeys (FIDO2) authentication method, create a passkey profile including the required Windows Hello AAGUIDs, and assign the profile to appropriate groups to enroll devices.
read more →

Microsoft to Enable Hotpatch Security Updates by Default

🔔 Starting with the May 2026 Windows security update, Microsoft will enable hotpatch security updates by default for all eligible devices managed via Microsoft Intune and the Microsoft Graph API. The updates will be delivered through Windows Autopatch and are intended to halve the time to reach 90% patch compliance by applying fixes without requiring immediate restarts. Organizations can opt out at the tenant level through Intune controls that go live April 1, 2026, and administrators should use the Hotpatch quality updates report to confirm device readiness.
read more →

March 2026 Patch Tuesday: 82 CVEs, 8 Critical Vulns

🔒 Microsoft’s March 2026 Patch Tuesday addresses 82 vulnerabilities, including eight Critical issues and two publicly disclosed flaws affecting Windows, Azure and Office. Notable high-severity items include a CVSS 9.8 RCE in the Microsoft Devices Pricing Program and several elevation-of-privilege and RCE flaws in Office, Excel and Azure Confidential Containers; some cloud-hosted issues were remediated server-side with no customer action required. CrowdStrike recommends prioritizing available fixes, applying mitigations where patches are absent, and using the Falcon Patch Tuesday dashboard to triage and track remediation.
read more →

Unpacking Agentic AI: The Shift Podcast Launch and Insights

🎧 Microsoft introduces The Shift, an evolution of its earlier podcast to explore agentic AI across engineering, product, and strategy perspectives. Over eight weekly episodes this spring, hosts and guests from teams including Microsoft Azure, Microsoft Fabric, and Microsoft Foundry tackle practical questions about how agents interact with data, databases, and cloud foundations. Episodes emphasize that agents succeed only when data strategy, cloud reliability, and application orchestration work together, highlighting operational concerns like observability, governance, security, and optimization.
read more →

Microsoft Teams Will Tag Third-Party Bots in Lobbies

🛡️Microsoft will update Teams to clearly label external third-party bots that appear in meeting lobbies, and organizers will be required to explicitly admit them. The change is slated for May 2026 and will reach Windows, macOS, Android, and iOS for worldwide standard multi-tenant and GCC clouds. By distinguishing bots from human attendees, the feature aims to prevent malicious or unwanted automated participants from being inadvertently accepted into meetings and complements recent Teams security enhancements such as call-reporting, fraud-protection warnings, and Defender-based admin controls.
read more →

Microsoft still fixing Windows Explorer white flashes

🔧Microsoft has confirmed it is still working to fully resolve a bug that causes bright white flashes when opening File Explorer on some Windows 11 systems. The company has rolled fixes to Windows Insiders in the Beta and Dev channels via preview builds Build 26220.7961 (KB5079382) and Build 26300.7965 (KB5079385). Those updates remove white flashes when launching new Explorer windows or tabs and when resizing elements, and also add voice typing and improved file unblocking reliability. Microsoft originally linked the issue to the optional KB5070311 update in December.
read more →

Secure Agentic AI with Microsoft Agent 365 and E7 Suite

🛡️ Microsoft today unveiled Agent 365 and Microsoft 365 E7: The Frontier Suite, generally available May 1, 2026, to help organizations observe, secure, and govern agentic AI at scale. Agent 365 provides a unified control plane with an agent registry, behavior and performance observability, and integrated risk signals across Microsoft Defender, Entra, and Purview. The offering extends identity and access controls with Agent ID, conditional access, and identity governance, while Purview features such as Inline DLP for Copilot Studio prompts, information protection, and data lifecycle management help prevent sensitive data exposure. Pricing starts at $15 per user per month for Agent 365 and $99 per user per month for Microsoft 365 E7.
read more →

Tycoon 2FA phishing kit dismantled after global takedown

🔒In a coordinated takedown, law enforcement and industry partners dismantled Tycoon 2FA, a commercial phishing-as-a-service platform that automated MFA bypasses via a real-time proxy. The kit, sold for about US $120/month through private Telegram channels, forwarded credentials and one-time codes to legitimate sites to capture authenticated sessions. It was linked to tens of millions of phishing emails and widespread attacks on healthcare and education before seizures and blocks by Microsoft, multi-country law enforcement, and Cloudflare largely disrupted the operation. Users are reminded that not all MFA is equal: hardware security keys or passkeys provide stronger protection against proxying than SMS-based codes.
read more →

Forrester TEI: Microsoft Foundry's Enterprise AI ROI

🔎 The Forrester Total Economic Impact study modeled a composite $10B enterprise using Microsoft Foundry and estimated a 327% ROI over three years, with developer productivity identified as the largest contributor at $15.7M. Foundry reduced undifferentiated engineering work and improved technical team productivity up to 35%, with some teams seeing payback in as few as six months. Its unified platform, reusable knowledge bases, built-in evaluations, and agent controls also enabled organizations to decommission legacy tools and avoid infrastructure costs.
read more →

Microsoft 365 Backup Adds File-Level Restore for Admins

🗂️ Microsoft will add granular file- and folder-level restore to Microsoft 365 Backup, allowing administrators to browse, search and recover individual files from SharePoint and OneDrive restore points rather than restoring entire sites or drives. The capability is limited to tenants with the backup service enabled and requires the SharePoint Backup Administrator role; end users will not see restore operations. Public preview began in early March 2026 and Microsoft expects general availability between late April and early May 2026. Customers are advised to review coverage, train backup administrators, and update recovery runbooks to incorporate file- and folder-level restores.
read more →

GPT-5.4 in Microsoft Foundry: Production Reliability

🔧 Microsoft will make OpenAI's GPT-5.4 available soon through Microsoft Foundry, positioning the model for production-grade, agent-driven automation. GPT-5.4 emphasizes sustained multi-turn reasoning, improved instruction alignment, lower latency, and integrated computer-use capabilities for tool orchestration, file access, guarded code execution, and agent handoffs. A premium GPT-5.4 Pro targets deeper analytical workflows, while Foundry supplies policy, monitoring, versioning, and audit controls for enterprise deployment.
read more →

Malicious AI Assistant Extensions Harvest LLM Data

🔒 Microsoft Defender investigated malicious Chromium browser extensions that impersonated legitimate AI assistant tools to collect LLM chat histories and browsing telemetry. Distributed via the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, the extensions captured full URLs and chat snippets from platforms such as ChatGPT and DeepSeek, reaching roughly 900,000 installs and activity in over 20,000 enterprise tenants. Microsoft provides detections, hunting queries, and mitigation guidance to contain exposure and remediate affected devices.
read more →

Microsoft-led Takedown Disrupts Tycoon2FA Phishing Network

🔒 Microsoft led a court-authorized disruption of Tycoon2FA, a prominent phishing-as-a-service operation, seizing 330 active domains and coordinating infrastructure seizures with Europol and partner law enforcement. Private-sector partners including Cloudflare, Coinbase, Intel471, Proofpoint, the Shadowserver Foundation, SpyCloud and Trend Micro assisted in removing control panels and fraudulent login pages. Microsoft estimates Tycoon2FA accounted for roughly 62% of phishing attempts it blocked by mid-2025 and linked to about 96,000 victims since 2023.
read more →

Windows 10 KB5075039 Fixes Recovery Environment Issue

🔧 Microsoft released KB5075039 to repair a Windows 10 Recovery Environment (WinRE) startup failure caused by the October update KB5068164. The patch restores WinRE access for affected systems. Installation requires the WinRE partition to be at least 256 MB; administrators should back up drives before resizing partitions and follow Microsoft's manual resizing instructions.
read more →

Europol Disrupts Tycoon2FA Phishing-as-a-Service campaigns

🔒 Europol coordinated an international law enforcement operation that disrupted Tycoon2FA, a prolific phishing-as-a-service platform that intercepted credentials and session cookies via reverse proxies to bypass MFA and hijack authenticated sessions. Authorities seized 330 domains and removed control panels and phishing pages across multiple countries, with technical disruption led by Microsoft and support from private partners including Trend Micro and Cloudflare. The action aims to curb tens of millions of monthly phishing messages and protect nearly 100,000 targeted organizations while urging defenders to revoke active sessions and monitor for unauthorized access.
read more →

Global Takedown Disrupts Tycoon2FA Phishing Service

🛡️ Microsoft and Europol, supported by industry partners, seized infrastructure linked to the phishing-as-a-service operator Tycoon2FA, removing over 300 domains used in large-scale MFA-bypass campaigns. The PhaaS offering used adversary-in-the-middle techniques to intercept live authentication sessions and capture credentials, one‑time passcodes and session cookies in real time. Investigators say Tycoon2FA had roughly 2,000 users and leveraged more than 24,000 domains since launching in August 2023. Security firms recommend adopting phishing‑resistant authentication, strict conditional access and advanced email protections.
read more →

Hackers Abuse OAuth Error Redirects to Deliver Malware

🔐 Microsoft warns that attackers are abusing legitimate OAuth error redirection to bypass email and browser phishing protections and deliver malware. Campaigns target government and public-sector organizations with lures such as e-signature requests, meeting invites, and financial notices that contain OAuth redirect URLs. Attackers register malicious OAuth apps and invoke silent-auth parameters or invalid scopes to trigger error redirects to attacker-controlled pages. Those pages can host credential-phishing frameworks or automatically deliver ZIP packages that launch PowerShell loaders and DLL side‑loading routines, enabling final payload execution.
read more →

Microsoft Warns OAuth Redirect Abuse Targets Government Orgs

🔒 Microsoft warned on Mar 3, 2026 of phishing campaigns that leverage OAuth redirect URLs to bypass email and browser defenses and deliver malware to government and public-sector targets without directly stealing tokens. Attackers register malicious applications and manipulate identity providers like Entra ID and Google Workspace to craft redirect links sent in emails or embedded in PDFs. The delivery chain uses ZIP -> LNK-triggered PowerShell -> MSI -> DLL sideloading to execute in-memory payloads and contact external C2; some campaigns also used AitM kits such as EvilProxy. Microsoft removed identified malicious apps and recommends limiting consent, auditing app permissions, and removing unused or overprivileged applications.
read more →

OAuth Redirect Abuse Enables Phishing and Malware Delivery

🔒Microsoft Defender researchers observed phishing campaigns that abused OAuth redirection mechanics to route victims from trusted identity domains to attacker-controlled hosts. Attackers used silent authorization requests (for example prompt=none and intentionally invalid scopes) and embedded target addresses in the state parameter to trigger error redirects that landed users on malicious pages or download hosts without yielding tokens. Microsoft flagged correlated activity across email, identity, and endpoints; Microsoft Entra disabled the identified applications, though related activity persists and requires continued monitoring.
read more →

Florida woman jailed for large Microsoft license fraud

🔒 A Florida woman was sentenced to 22 months in prison and fined $50,000 for operating a years‑long scheme that trafficked thousands of stolen Microsoft Certificate of Authenticity (COA) labels. Heidi Richards, who ran Trinity Software Distribution, purchased tens of thousands of genuine COAs, had employees extract and transcribe product keys, and sold those keys in bulk to customers worldwide. Prosecutors reported she wired $5,148,181.50 to the supplier between July 2018 and January 2023.
read more →