entra id

Microsoft patched a token-access flaw in six Microsoft 365 apps for Android on May 12, 2026, after researchers found that a production debug setting could let another installed Android app request Microsoft account tokens without user interaction. The affected apps were Word, Excel, PowerPoint...

Huntress says early testing of its Identity Security Posture Management capabilities across hundreds of Microsoft 365 environments found frequent identity-control gaps, including weak MFA coverage, insufficient administrator restrictions, user privilege overreach, and missing password policies...

Microsoft announced Scout at Build on Tuesday, June 2, 2026, as an always-on workplace AI agent for Teams, email, calendars, and Microsoft 365 tasks, initially launching with a small customer group and a Frontier-access desktop app tied to GitHub Copilot. That makes Scout less a chatbot than a...

Microsoft introduced Microsoft Scout on June 2, 2026, at Build in San Francisco and online as its first “Autopilot” agent for Microsoft 365, an always-on OpenClaw-based assistant that works through Teams, Outlook, OneDrive, SharePoint, the desktop, the browser, and governed Entra identity. The...

Microsoft users in Portugal and elsewhere have reported receiving unsolicited Microsoft verification codes by SMS, email, and Authenticator prompts in recent weeks, with the most likely causes ranging from credential-stuffing attempts to abuse of legitimate Microsoft Entra and OAuth sign-in...

Microsoft resolved a Microsoft 365 service incident on June 1, 2026, after some users were blocked from reaching the My Sign-Ins portal, setting up multifactor authentication, and managing sign-in security settings because requests returned 504 Gateway Timeout errors. The outage was not long...

Microsoft disclosed CVE-2026-41103 on May 12, 2026, as a critical elevation-of-privilege vulnerability in the Microsoft SSO Plugin for Jira and Confluence that could let an unauthenticated attacker forge an SSO response and gain unauthorized access. The bug lands in the uncomfortable space...

Microsoft announced on May 7, 2026, that company developer accounts for the Microsoft Store are now free in supported onboarding flows, removing the previous $99 registration fee while adding Microsoft Entra ID sign-up and a faster verification process for organizations publishing Windows apps...

Microsoft has assigned CVE-2026-35431 to a Microsoft Entra ID Entitlement Management spoofing vulnerability, but the public confidence signal attached to the entry is what makes this disclosure especially important. Microsoft’s Security Update Guide uses that metric to express how certain it is...

Bitwarden’s vault can now unlock Windows 11 — letting users sign in to Entra ID–joined devices with passkeys stored in their Bitwarden vault and bringing phishing‑resistant, passwordless authentication to the Windows sign‑in screen. ps://bitwarden.com/blog/bitwarden-launches-passkey-management/)...

Bitwarden’s vault can now unlock the Windows desktop: users can authenticate to Windows 11 with passkeys stored in their Bitwarden vault, moving passkey support from web and app silos into the operating system sign‑in flow and promising a phishing‑resistant, passwordless path to the Windows lock...

Bitwarden’s vault can now unlock the Windows desktop, bringing synchronized, phishing‑resistant passkey sign‑in to Windows 11 users and enterprises — but the convenience comes with important technical tradeoffs and operational choices that IT teams must weigh before rolling it out. Overview...

Microsoft’s public preview of user‑bound user delegation SAS marks a pragmatic, identity‑centric tightening of Azure Storage access controls: SAS tokens can now be created so that they are only usable by a specific Microsoft Entra ID (Azure AD) principal, improving traceability, reducing...

Microsoft has pushed Windows 11 Builds 26100.7918 and 26200.7918 (KB5077241) to the Release Preview Channel, bringing a mix of small but meaningful user-facing improvements, important enterprise-oriented features, and a controversial—but long-awaited—security change that embeds Sysmon natively...

Microsoft’s upcoming enforcement change for Conditional Access in Entra ID is a clear pivot toward consistency and defense‑in‑depth: policies that target All resources will now be evaluated even when those policies include resource exclusions, and sign‑ins that request only minimal OpenID...

Microsoft is giving administrators and end users a second chance: if the opportunity to restore a preserved Windows environment was missed during the out‑of‑box experience (OOBE), Windows Backup for Organizations can now offer a first sign‑in restore that runs when the user signs in for the...

Microsoft has quietly expanded the enterprise-focused Windows Backup for Organizations to include a first sign-in restore experience, giving IT teams a second opportunity to restore a user's Windows settings and Microsoft Store app list at the very first interactive sign-in — not only during...

Microsoft’s Entra ID sign-in stack on Windows 11 is getting a significant under‑the‑hood refresh: WebView2 — the Chromium‑based embedded web control used across modern Windows apps — can now power Entra ID sign‑ins through the Web Account Manager (WAM). This change, delivered beginning with the...

Arctera’s latest maintenance refresh, Backup Exec 25.1, arrives as a focused, practical upgrade that treats identity protection, Microsoft 365 resilience and ransomware-hardened storage as first-class concerns — not optional extras. The release tightens integration between identity and data...

Microsoft’s long‑promised move to make identity the primary gateway for remote server access has taken a concrete step forward: Entra ID authentication for RDP inside the Azure portal is now available as a public preview for Azure Bastion sessions, allowing portal‑based RDP connections to use...