cloud identity

Microsoft’s authentication systems briefly tripped over a dependency on Monday, leaving some North American users unable to complete sign‑ins to Microsoft 365 because Multi‑Factor Authentication (MFA) requests returned 504 “gateway timeout” errors — a disruption Microsoft logged as incident...

Bojidar Bozhanov has raised a red flag: the Bulgarian government is preparing to open a public procurement and sign a new, large-scale contracting arrangement with Microsoft to cover core software and cloud services for the state administration — a move he says carries long-term risks for...

A newly exposed cluster of identity and management-plane flaws has rewritten the threat model for Windows administrators and cloud tenants: an Entra ID “actor token” validation failure that could enable largely undetectable, cross‑tenant impersonation combined with a high‑impact local...

Token security has moved from a background concern to a front‑line risk for every organization that relies on cloud identity, web APIs, AI services, or decentralized finance—attackers are weaponizing tokens to bypass multi‑factor authentication, impersonate administrators, and drain liquidity...

A widespread Microsoft Azure outage on October 29, 2025 disrupted Xbox Live, Microsoft 365, the Azure Portal and multiple downstream services for millions of users worldwide, with the incident traced to an Azure Front Door (AFD) capacity and routing problem combined with a regional configuration...

Windows 11 can still be installed and used without a Microsoft account, but the available paths have narrowed and become build-dependent — this guide explains every practical method (during setup and after), why Microsoft is pushing online accounts, what has been patched, and the safe...

Windows 10’s clock is counting down to end of support, and with it comes a hard choice for privacy‑minded users: pay to keep an aging platform patched, accept newer versions of Windows with tighter cloud hooks, or make a clean break to something else entirely. The argument gaining traction is...

Microsoft’s August Patchday reads like a wake‑up call: a newly disclosed Kerberos-related weakness tied to the delegated Managed Service Account (dMSA) feature in Windows Server 2025 can — under the right conditions — let an attacker escalate to domain‑admin control, and a clutch of additional...

The countdown toward Windows 10’s official end of life has long felt like the slow passing of an era, punctuated by warnings and gnawing uncertainty for millions of users still loyal to the venerable operating system. Yet even as the last months tick away, a new twist in Microsoft’s support...

Microsoft has taken a significant step toward modernizing hybrid identity management with the introduction of the Group Source of Authority (SOA) feature in Entra ID, now available in public preview. This eagerly anticipated capability unlocks a new era of flexibility for IT administrators...

The evolution of phishing campaigns in the cloud era has introduced a new breed of attacks that are increasingly hard to spot, even for seasoned security professionals. Among these, a recent campaign targeting Microsoft 365 logins stands out for its cunning use of Microsoft OAuth applications...

Phishing campaigns have always evolved in tandem with advances in enterprise security, but the latest wave targeting Microsoft OAuth applications represents a stunning leap in both sophistication and effectiveness. This ongoing campaign, first identified in early 2025, exemplifies a new breed of...

Microsoft is heralding a new era for enterprise identity security with the general availability of linkable token identifiers in Entra ID, the latest upgrade to its modern identity platform. This innovation is designed to combat one of the most persistent challenges in cybersecurity: the...

Security researchers have recently identified a critical vulnerability within Microsoft Entra ID, formerly known as Azure Active Directory, that enables attackers to escalate their privileges to Global Administrator status. This flaw poses a significant threat to organizations relying on...

Receiving an email from Microsoft that demands payment to keep an unfamiliar account alive is a scenario that would set off alarm bells for even the most seasoned tech users. The moment a message arrives that combines phrases like "Action required," "make a purchase," and an apparent threat of...

In an era where identity is the ultimate gatekeeper for digital business, organizations face growing threats to the very core of their cloud ecosystems: their identity and access management (IAM) data. As more enterprises migrate their operations to the cloud and leverage Microsoft Entra ID...

A new and deeply concerning evolution in cyberattack methodology is putting Microsoft Entra ID (formerly known as Azure Active Directory) users and organizations at unprecedented risk. This surge in account takeover (ATO) campaigns exploits TeamFiltration—a legitimate penetration testing tool...

Microsoft account users are once again facing a formidable cybersecurity threat—this time in the form of an aggressive password spraying campaign targeting Entra ID accounts at an unprecedented scale. According to multiple verified industry sources, a threat group known as SneakyStrike, also...

Reliable authentication is the bedrock of digital trust, especially in enterprise environments reliant on Microsoft 365. In recent weeks, organizations across the EMEA (Europe, Middle East, and Africa) and Asia Pacific regions have faced significant disruptions stemming from issues with...

Cloud-reliant enterprises and everyday users awoke to yet another reminder of the intricacies and fragility underlying even the world’s most trusted digital platforms. Microsoft 365, the software suite at the core of productivity for millions, recently suffered from widespread authentication...