< ciso brief />

All news with #microsoft tag

720 articles · page 5 of 36

Microsoft lets admins pick preinstalled Store apps to remove

🛠️ Microsoft expanded its in-box app removal policy for Windows 11 to add a dynamic list that allows IT admins to specify which preinstalled Microsoft Store apps to uninstall by Package Family Name (PFN). The RemoveDefaultMicrosoftStorePackages policy can be applied via Group Policy or a custom OMA-URI for MDM and requires the April 2026 non-security update (Insiders can get it with the March 13, 2026 Dev/Beta builds). Intune support for the dynamic list will arrive in the coming months.

Windows 11 KB5083631 Preview: 34 Fixes, Security and Perf

🔔 Microsoft released the optional cumulative preview update KB5083631 for Windows 11, delivering 34 quality improvements and fixes. Highlights include a new Xbox mode that provides a full‑screen gaming interface, improved startup app launch performance, and enhanced batch file/CMD security that prevents scripts from changing during execution. The update is optional and can be installed via Settings → Windows Update or manually from the Microsoft Update Catalog.

Developer's Roblox cheat triggers $2M data breach

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and caused roughly $2 million in remediation. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.

Eight Best Practices for CISOs Conducting Risk Reviews

📋 This blog post by Rico Mariani outlines eight practical best practices for CISOs conducting risk reviews, focusing on identifying assets, applications, and access controls to shape review scope and priorities. It emphasizes good-quality authentication (tokens and issuers like Microsoft Entra), robust authorization, network isolation, detection, and auditing to enable proactive security. The post also highlights commonly overlooked areas such as backups, support, and development systems to ensure comprehensive risk coverage.

Chinese State-Linked Hacker Extradited to the U.S.

🛡️ Xu Zewei, a 34-year-old accused of working for China's Ministry of State Security and linked to the state-backed hacking group Hafnium (also called Silk Typhoon), has been extradited from Italy to the United States and arrived in Houston. He pleaded not guilty at a federal hearing and is being held at the Federal Detention Center. U.S. prosecutors allege Xu targeted COVID-19 researchers in early 2020 and participated in the 2021 Microsoft Exchange zero-day campaign; if convicted on charges including wire fraud, conspiracy to damage protected computers, and aggravated identity theft, he faces decades in prison.

Microsoft backend change disrupts Teams Free chat and calls

⚠️ Microsoft is investigating a known issue that prevents some Teams Free users from chatting and calling others. A recently deployed backend change is skipping onboarding and privacy consent screens for affected users, leaving profiles incomplete and causing them to appear as 'Unknown users' to others. Microsoft has flagged the incident as a service degradation, says first reports emerged on April 8, and plans another status update later today.

Microsoft to Deprecate Legacy TLS for Exchange Online

🔒 Microsoft will block legacy TLS connections for POP and IMAP access to Exchange Online starting July 2026, deprecating TLS 1.0 and TLS 1.1. Connections that attempt to use those versions will fail, which may prevent older email clients, devices, or embedded systems from connecting. The company says most customers won't be affected because the majority of traffic already uses TLS 1.2 or later. Administrators are advised to verify client configurations, update custom or legacy systems, and avoid legacy endpoints to prevent disruption.

Microsoft: New Remote Desktop Warnings Display Issue

⚠ Microsoft confirmed a display bug causing newly introduced Windows security warnings to render incorrectly when opening Remote Desktop (RDP) files. The issue affects all supported Windows releases updated in April 2026 (including Windows 11 KB5083768 & KB5083769, Windows 10 KB5082200, and Windows Server KB5082063) and appears when multiple monitors use different scaling settings, producing overlapping text and misplaced buttons. These dialogs — deployed to warn users about unsigned or unverified RDP files and to show resource redirection settings — can become difficult or impossible to interact with until Microsoft provides a fix.

Microsoft asks iPhone users to re-enter Outlook creds

📧 Microsoft has asked iPhone users to manually re-enter credentials in the default Mail app to restore access to Outlook and Hotmail accounts after a global sign-in outage. The company reported intermittent sign-in failures and some users being signed out or seeing "too many requests" errors, attributing the disruption to a "recently introduced change." Service health was reported as restored around 7 PM UTC, but iOS users must follow a step-by-step procedure in Settings → Mail → Accounts to update passwords. Microsoft has not disclosed the outage's root cause, scale, or affected regions.

Microsoft: Active Exploitation of Windows Shell Bug

🛡️ Microsoft confirmed active exploitation of a patched Windows Shell vulnerability, CVE-2026-32202, after correcting its advisory metadata. The flaw is a spoofing/authentication-coercion issue (CVSS 4.3) that can disclose sensitive information and was addressed in April Patch Tuesday. Akamai researcher Maor Dahan links the defect to an incomplete February fix for CVE-2026-21510 and says an APT28 campaign weaponized LNK/CPL/UNC/SMB chains to harvest credentials.

Microsoft Fixes Agent ID Administrator Role Privilege Flaw

🔒 Researchers at Silverfort discovered that Microsoft’s Agent ID Administrator role could modify and take ownership of unrelated service principals, allowing role holders to create credentials and authenticate as compromised applications. The flaw stemmed from scope enforcement failing in the Agent Identity Platform, where agent identities share primitives with applications. Microsoft deployed a fix by April 9, 2026; organizations should audit role assignments and service principal ownership and monitor for unexpected changes.

Microsoft: Outlook.com outage causes sign‑in failures

📧 Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent sign‑in failures and unexpected sign‑outs for some users. A high volume of reports on Downdetector indicates many customers are seeing connection problems and "too many requests" errors when attempting to access mailboxes. Microsoft says client sign‑in scenarios may be contributing and is validating interactions across service components. The company has flagged the incident as a service degradation but has not disclosed a root cause or affected regions.

Microsoft revamps Windows Insider Program channels

🛠️ Microsoft is rolling out a revamped Windows Insider Program to simplify channel structure and improve transparency around feature availability. The company is merging Dev and Canary into a new Experimental channel for high-risk or potentially non-shipping work, while maintaining an updated Beta channel where features in release notes will be broadly available without gradual rollouts. Experimental items may be gated behind feature flags that users can toggle in Settings, and Microsoft is migrating Insiders in phases while shipping several preview builds and an updated Windows Update experience to give users more control over updates and reboots.

Windows Update adds controls to reduce forced restarts

🔧 Microsoft is rolling out Windows Update improvements to give users more control over update timing and reduce disruptive restarts. Insiders will see options to skip updates during OOBE, select specific pause dates via a calendar for up to 35 days, and separate standard power actions from update-triggering commands. Driver, .NET, and firmware updates will be consolidated with monthly quality updates to minimize reboots, while users can still opt to install specific updates earlier.

Microsoft to Deploy Entra Passkeys on Windows in Late April

🔐 Microsoft will roll out Entra passkey support for phishing‑resistant passwordless authentication on Windows devices starting in late April, with general availability expected by mid‑June 2026. The capability enables device‑bound FIDO2 passkeys stored in the Windows Hello container and used via face, fingerprint, or PIN on corporate, personal, and shared devices, including unmanaged Windows machines. Administrators can control rollout and access through Conditional Access and Authentication Methods policies.

Admins Can Now Uninstall Copilot from Windows 11 Enterprise

🛠️ Microsoft now allows IT administrators to uninstall the AI-powered Microsoft Copilot app from managed enterprise devices using the new RemoveMicrosoftCopilotApp policy setting, broadly available after the April 2026 Patch Tuesday. The setting is provided as a Policy CSP and Group Policy for endpoints managed via Microsoft Intune or SCCM, and applies only to Windows 11 25H2 devices where both Microsoft 365 Copilot and Microsoft Copilot are installed, the user did not install the Copilot app, and it has not been launched in the last 28 days. If enabled, the app will be uninstalled in a non-disruptive way; users can still re-install it if they choose.

OpenAI GPT-5.5 in Microsoft Foundry for Enterprise Use

🚀 GPT-5.5 is being made generally available in Microsoft Foundry, enabling enterprises to run OpenAI's latest frontier model for production agentic workflows. The model brings deeper long-context reasoning, improved agentic execution, higher computer-use accuracy, and better token efficiency. Foundry supplies governance, identity isolation, persistent sandboxes, and integrations to evaluate and scale agents securely.

Amazon Quick Adds Document-Level SharePoint ACLs Support

🔒 Amazon Quick now supports document-level access controls (ACLs) for Microsoft SharePoint knowledge bases, allowing organizations to preserve native SharePoint permissions when indexing content. Quick uses a dual approach—ACL replication for fast pre-retrieval filtering paired with real-time permission checks against SharePoint at query time—to avoid stale or incorrectly mapped access. Administrators can enable this in an admin-managed SharePoint knowledge base in the Quick console; the feature is available in all Regions where Quick is offered.

UNC6692: Social Engineering and Custom SNOW Malware

🔒 UNC6692 used persistent social engineering to lure victims via Microsoft Teams, delivering a staged payload that installed an AutoHotkey loader and a malicious Chromium extension (SNOWBELT) from attacker-controlled AWS S3. The intruders deployed a modular suite — SNOWBELT, SNOWGLAZE, and SNOWBASIN — to establish WebSocket tunnels, local HTTP backdoors, and stealthy proxying for lateral movement. The campaign combined credential theft, LSASS and NTDS extraction, and exfiltration to cloud services, highlighting the need to monitor browser extensions and cloud egress.

Microsoft: Edge update prevents some Teams meeting joins

⚠️ Microsoft confirmed a recent Microsoft Edge update introduced a regression preventing some Windows users from joining scheduled Microsoft Teams meetings or meetings launched via links. The company advised impacted users to restart the Teams client as a temporary workaround while engineers analyze diagnostic data and monitor recent service changes. Microsoft classified the incident as an advisory and has not disclosed affected regions or user counts.