graph api

ControlUp has released a free migration utility, ControlUp Migrate for Windows 365, designed to automate the movement of Azure-based virtual machines and Azure Virtual Desktop (AVD) images into Windows 365 Cloud PCs — replacing much of the manual imaging work with a guided, snapshot-based...

A surprising number of Microsoft 365 tenants keep paying for licenses that are never used, and the short, practical PowerShell approach highlighted in a recent German post on BornCity underscores how simple discovery can unlock real cost savings — but also how easy it is to make mistakes if you...

When a Dutch researcher glanced at a token stream while preparing a Black Hat talk, he didn’t just find a bug—he found a fault line in the foundations of cloud identity that could have allowed a single click to flip virtually every Microsoft Entra (Azure AD) tenant from secure to owned. The...

Microsoft’s release of a Windows SDK for Facebook — a native, open-source library that brings full Facebook login, Graph API access, feeds, photo uploads and Like functionality into Universal Windows apps — marks a deliberate push to make Windows a more attractive, social-first platform for...

Microsoft is taking the first concrete step in its phased enforcement of the dedicated Exchange hybrid app requirement: on September 16, 2025 at 07:00 UTC Microsoft will temporarily block Exchange Web Services (EWS) traffic that uses the Exchange Online shared service principal for hybrid...

A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...

Microsoft has moved the revamped Message Trace experience in Exchange Online out of preview and into general availability, bringing a faster UI, new PowerShell cmdlets, extended query windows, and new operational constraints that will change how administrators automate and extract trace data...

Microsoft's updated Exchange hybrid guidance — and a last‑minute change to the enforcement cadence — should be on every hybrid admin’s radar: the Exchange team has expanded the push to migrate hybrid traffic away from the long‑standing Exchange Online shared service principal into a tenant‑owned...

Microsoft’s Exchange team has given hybrid administrators a clear-but-urgent migration mandate: switch to the dedicated Exchange hybrid app and update on‑prem servers now, or face temporary disruptions in September and October followed by a permanent enforcement that will stop rich coexistence...

Microsoft 365 Copilot can now tap enterprise file shares without forcing a wholesale migration to the cloud: NetApp’s new connector brings on‑prem and cloud NetApp data into Copilot while preserving item‑level security, offering containerized deployment options, and promising high performance...

Chemist Warehouse has quietly added a digital colleague to its HR team — an AI assistant named AIHRA that drafts responses to hundreds of routine HR queries each week, reshaping how the retail pharmacy giant manages volume, preserves specialist time, and rethinks talent retention across a...

Microsoft’s August Patchday reads like a wake‑up call: a newly disclosed Kerberos-related weakness tied to the delegated Managed Service Account (dMSA) feature in Windows Server 2025 can — under the right conditions — let an attacker escalate to domain‑admin control, and a clutch of additional...

Microsoft has quietly begun embedding three new Microsoft 365 “companion” apps into the Windows 11 taskbar — Calendar, File Search, and People — small, focused helpers designed to pull calendar events, corporate files, and contact details one click away from the desktop and reduce time lost to...

Microsoft’s recent how‑to on issuing custom SSO claims from Entra ID using directory extension attributes gives administrators a practical, low‑friction way to inject organization‑specific data into SAML and OIDC tokens — and to do so only for selected user groups during sign‑in. The documented...

HID is bringing enterprise-grade passkeys to the mainstream, unveiling a refreshed line of FIDO2 authenticators alongside a new Enterprise Passkey Management (EPM) service designed to provision, monitor, and revoke credentials centrally at scale. The announcement introduces redesigned Crescendo...

A newly disclosed security flaw in Microsoft Exchange hybrid deployments is triggering urgent action among IT administrators worldwide, as Microsoft warns of a critical vulnerability—CVE-2025-53786—that exposes hybrid environments to stealthy privilege escalation attacks. As organizations...

An alarming new vulnerability has come to light in Microsoft’s Entra ID, exposing hybrid cloud environments to the risk of privilege escalation attacks that could ultimately hand malicious actors the coveted Global Administrator privileges. This revelation, credited to the security research team...

Staying on top of Windows updates has evolved from a clunky, reactive process into a dynamic practice that’s central to modern IT management. The last year in particular has seen Microsoft double down on transparency, accessibility, and the user experience for those entrusted with managing...

A recently disclosed Local File Inclusion (LFI) vulnerability in Microsoft 365's PDF export functionality has raised significant security concerns. This flaw allowed attackers to access sensitive local system files during the PDF conversion process, potentially exposing confidential information...

Recent revelations surrounding a critical Local File Inclusion (LFI) vulnerability in Microsoft 365’s Export to PDF functionality have cast an intense spotlight on the hidden complexities and lingering security risks inherent even in feature-rich, enterprise-grade cloud platforms. The...