< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 25 of 42

Microsoft Brings Claude to Foundry for Healthcare AI

🏥 Microsoft announced Claude for Healthcare and Life Sciences is now available in Microsoft Foundry, bringing Anthropic’s Claude models into an Azure-backed, enterprise-grade platform for regulated health and research environments. The release emphasizes domain-tuned agents, model context protocols (MCPs), connectors, and skill libraries designed to support multi-step clinical and R&D workflows. Microsoft highlights specific applications such as prior authorization automation, claims appeal processing, care coordination triage, and life-sciences tasks from protocol design to bioinformatics. The offering underscores governance, safety investments, and flexible deployment options across regulated settings.
read more →

Microsoft to Remove 'Send to Kindle' Option in Word

📚 Microsoft will retire the Send Documents to Kindle option in Microsoft Word, with the change rolling out after February 2026. The feature, formerly accessible from Word's Export menu, allowed .doc and .docx files to be transferred to a user's Kindle library while preserving page layout and most formatting. Microsoft notes that comments and tracked changes were not preserved when files were sent. After the retirement, users should use the Send to Kindle website to transfer documents.
read more →

Microsoft to Let IT Admins Uninstall Copilot on Devices

🔧 Microsoft is testing a new Group Policy, RemoveMicrosoftCopilotApp, that enables IT administrators to uninstall the AI-powered Copilot app on managed Windows devices. The policy began rolling out in the Dev and Beta Insider channels with Windows 11 Insider Preview Build 26220.7535 (KB5072046) and applies to endpoints managed via Microsoft Intune or SCCM. It targets systems where both Microsoft 365 Copilot and Microsoft Copilot are installed, the app was not user-installed, and it hasn't been launched in the last 28 days. Admins can enable the setting at User Configuration -> Administrative Templates -> Windows AI -> Remove Microsoft Copilot App; users may still reinstall if they choose.
read more →

CrowdStrike to Buy SGNL for $740M to Add Real-Time Identity

🔐 CrowdStrike will acquire identity security startup SGNL for $740 million to add real-time, risk-aware authorization that grants or revokes access based on current signals rather than static permissions. The deal, expected to close in CrowdStrike’s fiscal Q1 ending April 30, will be paid mostly in cash with some stock subject to vesting. SGNL’s technology layers with existing identity systems from Okta, Microsoft, and AWS, evaluating contextual signals — user behavior, device posture, and threat intelligence — to enforce continuous authorization and address rising machine-identity and AI-agent risks.
read more →

Microsoft Exchange Online outage affects IMAP4 access

⚠ Microsoft is investigating an Exchange Online outage (EX1215307) that intermittently prevents users from accessing mailboxes via IMAP4. Microsoft attributes the disruption to a recent IMAP deployment that introduced a code conflict and authentication misconfiguration, and says a configuration fix has been deployed and is being rolled out. Other connection methods are not affected, and Microsoft advises retries may restore access while the update completes.
read more →

Microsoft Enforces MFA for Microsoft 365 Admin Center Access

🔐 Microsoft will require MFA for all users signing into the Microsoft 365 admin center and will block accounts that do not have MFA enabled starting February 9, 2026. The enforcement covers portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com and follows an initial rollout that began in February 2025. Administrators are urged to enable MFA using Microsoft's setup wizard or official documentation to avoid service interruptions; Microsoft notes that MFA significantly reduces the risk of account compromise.
read more →

CISA Flags Microsoft Office and HPE OneView KEV Flaws

⚠️ CISA added two vulnerabilities — in Microsoft Office PowerPoint (CVE-2009-0556, CVSS 8.8) and HPE OneView (CVE-2025-37164, CVSS 10.0) — to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. The HPE flaw permits unauthenticated remote code execution and affects versions prior to 11.00; HPE has released hotfixes for OneView 5.20 through 10. A proof-of-concept exploit for CVE-2025-37164 was disclosed publicly on December 23, 2025, prompting eSentire to urge immediate patching. Federal agencies subject to BOD 22-01 are instructed to remediate by January 28, 2026.
read more →

Microsoft Incident Response: New Proactive Services

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.
read more →

Classic Outlook bug prevents opening encrypted emails

🔒 Microsoft is investigating a bug in the classic Outlook client introduced by Current Channel Version 2511 (Build 19426.20218) that prevents recipients from opening messages encrypted with Encrypt Only permissions. Impacted users may see a reading pane error asking them to verify credentials or encounter a message_v2.rpmsg attachment instead of readable content. The Outlook Team is working on a fix but has not provided an ETA. Microsoft recommends two temporary workarounds: have senders save encrypted messages before sending, or roll back to build 16.0.19426.20186.
read more →

Microsoft Alerts: Phishing Uses Email Routing and DMARC Gaps

📧 Microsoft’s Threat Intelligence team warns that attackers are increasingly exploiting complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear to come from inside targeted organizations. These campaigns often rely on MX records that route mail through on‑premises servers or third‑party relays before Microsoft 365, which can prevent correct spoof checks. Threat actors deliver lures ranging from password resets to shared documents and use PhaaS platforms such as Tycoon 2FA. Microsoft advises enforcing strict DMARC reject and SPF hard-fail policies, verifying connectors, and adopting phishing-resistant MFA like FIDO2 keys.
read more →

Microsoft Cancels Exchange Online Bulk Email Rate Limit

📭 Microsoft has canceled plans to impose a new daily limit of 2,000 external recipients on Exchange Online bulk senders after receiving negative customer feedback. The External Recipient Rate (ERR) cap was announced in April 2024 and was scheduled to begin in January 2025 with phased enforcement through late 2025. Microsoft said it will pursue "smarter, more adaptive approaches" to balance security and usability, while existing recipient limits remain unchanged.
read more →

Federated Identity Management: Balancing Security and UX

🔐 Federated Identity Management (FIM) enables a single authentication to span multiple applications or organizations, letting users sign in once and reuse identity assertions across services. It improves user experience and resilience while introducing architectural complexity, potential vendor lock-in, and additional service costs. Implementations commonly rely on cloud identity providers such as Google, Microsoft, or Okta and use protocols like SAML, OAuth 2.0, and OpenID Connect.
read more →

Microsoft Copilot Rolls Out GPT-5.2 Smart Plus Mode

🚀 Microsoft is rolling out GPT-5.2 to Copilot on web, Windows, and mobile as a free upgrade that will coexist with the existing GPT-5.1 model. The new option appears as a 'Smart Plus' mode and uses a 'Thinking' variant designed for more complex, multi-step tasks. OpenAI positions GPT-5.2 as its strongest model family yet, improving productivity for spreadsheets, presentations, coding, document understanding, image work, and tool use.
read more →

Microsoft Teams to let admins block external users

🔒 Microsoft will let security administrators block external users from sending messages, placing calls, or inviting employees to meetings in Teams, managed directly through the Tenant Allow/Block List in the Microsoft Defender portal. The capability integrates with Defender for Office 365 and the Defender XDR web portal and applies across all Teams clients without altering existing domain blocks or federation settings. Organizations must enable two disabled Teams admin center settings to grant security teams permission to manage blocked domains and users.
read more →

Hardware-accelerated BitLocker arrives in Windows 11

🔒 Microsoft is rolling out hardware-accelerated BitLocker in Windows 11, offloading bulk cryptographic operations to SoC components with HSMs and TEEs to reduce CPU usage and improve I/O performance. The feature defaults to XTS-AES-256 on supported NVMe systems and initially appears on Intel Core Ultra Series 3 platforms. It’s available in Windows 11 24H2 (with September updates) and 25H2; verify mode with manage-bde -status.
read more →

Microsoft Finally Deprecates RC4 in Windows After 26 Years

🔒 Microsoft is deprecating the legacy RC4 cipher in Windows, ending a 26-year presence that left servers accepting RC4-based authentication responses by default. The company cited RC4’s vulnerability to Kerberoasting, an attack class linked to last year’s breach at Ascension that disrupted hospital operations and exposed millions of medical records. Security and regulatory scrutiny, including calls from Senator Ron Wyden, helped force the change.
read more →

Attackers Abuse Microsoft OAuth Device Codes for Hijacks

🔒 Cybercriminals and state-sponsored actors are increasingly abusing OAuth device authorization to hijack enterprise Microsoft 365 accounts, often bypassing multifactor protections. Proofpoint reports campaigns have surged since September 2025 and shifted from targeted voice-phishing to scalable email-based social engineering. Attackers prompt victims to enter short-lived device codes on Microsoft’s verification page, validating tokens and granting access. Tools such as SquarePhish2 and Graphish automate the flow and lower the skill barrier for large-scale attacks.
read more →

Microsoft Confirms Teams Messaging Delays Across Regions

⚠️ Microsoft is investigating a widespread incident affecting Microsoft Teams, with thousands of users reporting messaging delays, failed sends, and issues with other service functions. The outage began around 2:30 PM ET and is impacting users across the United States and Europe. Microsoft says it is observing recovery in telemetry, is continuing analysis to identify impacted scenarios and determine root cause, and will share updates; this is a developing story.
read more →

Nigeria Arrests Developer of Raccoon0365 Microsoft Phishing

🔒 Nigerian police arrested three individuals linked to targeted Microsoft 365 phishing attacks delivered via the Raccoon0365 platform, citing intelligence shared by Microsoft and the FBI. Authorities say one suspect, Okitipi Samuel (aka RaccoonO365 or Moses Felix), developed and sold phishing kits on Telegram and hosted pages on Cloudflare using compromised accounts. The toolkit automated fake Microsoft login pages and has been tied to at least 5,000 account compromises across 94 countries; two other detainees currently have no proven role in creating the service.
read more →

Microsoft 365 OAuth Device Code Phishing Wave Expands

🔒 Multiple threat actors are exploiting the OAuth device code flow to compromise Microsoft 365 accounts by tricking users into entering device codes on legitimate Microsoft device login pages, which results in victims authorizing attacker-controlled applications and granting persistent access without credential theft or direct MFA bypass. Proofpoint reports a significant volume increase since September and attributes activity to financially motivated groups such as TA2723 and a suspected Russia-aligned actor tracked as UNK_AcademicFlare. The campaigns use phishing kits like SquarePhish and Graphish and employ lures such as salary bonuses and spoofed OneDrive links. Organizations should enforce Microsoft Entra Conditional Access and implement sign-in origin policies to mitigate these attacks.
read more →