#entra-id

[ follow ]
#content-security-policy #microsoft #cybersecurity #mfa #microsoft-365-admin-center #credential-based-attacks
fromTechzine Global
1 day ago

Microsoft requires MFA for Microsoft 365 admin center

Starting February 9, 2026, Microsoft will enforce multi-factor authentication (MFA) for all users who want to access the Microsoft 365 admin center. Administrators without MFA will face login blocks starting next month. The measure is part of Microsoft's strategy against credential-based attacks, which remain a significant attack vector. The company began a soft rollout in February last year, but starting next month, the requirement will be fully enforced for all tenants.
Information security
#content-security-policy
more#content-security-policy
fromTechzine Global
2 months ago

How attackers use Microsoft agents to steal OAuth tokens

Among their discoveries can be OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled.
Information security
Information security
fromIT Pro
3 months ago

A terrifying Microsoft flaw could've allowed hackers to compromise 'every Entra ID tenant in the world'

A critical Entra ID vulnerability (CVE-2025-55241) could have allowed cross-tenant full administrative compromise via undocumented 'Actor' tokens and Azure AD Graph API validation flaws.
Information security
fromWIRED
3 months ago

Security News This Week: A Dangerous Worm Is Eating Its Way Through Software Packages

Multiple serious security failures and threats emerged this week, including government data exposure, critical identity-management flaws, hypersonic missile tests, and advanced SMS-scamming techniques.
fromTheregister
3 months ago

Entra ID bug could have granted access to every tenant

"If you are an Entra ID admin," wrote Mollema, "that means complete access to your tenant."
Information security
Information security
fromComputerworld
4 months ago

Microsoft releases Windows Backup for Organizations to ease migration of user settings to Windows 11

Windows Backup for Organizations restores settings only on Windows 11 version 22H2 or later; Windows 10 cannot restore settings despite being backed up.
Tech industry
fromThe Hacker News
8 months ago

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft has migrated its account signing services to Azure confidential VMs for enhanced security.
[ Load more ]