identity security

ConsentFix v3 is a newly reported phishing toolkit and attack method that targets Microsoft Azure and Entra ID accounts by automating OAuth authorization-code theft, using services such as Cloudflare Pages and Pipedream to collect codes and exchange them for usable Microsoft access and refresh...

Containing a domain compromise became possible here because Microsoft Defender did something traditional incident response usually cannot do fast enough: it treated exposed credentials as an active containment problem, not just a postmortem cleanup task. In this Microsoft case study, a...

Microsoft’s CVE-2026-27906 entry is already drawing attention because it sits in a security category that matters far beyond a single bug: Windows Hello security feature bypass. In Microsoft’s own risk framing, the key question is not merely whether exploitation is possible, but how confident...

Technology Record’s Issue 40 lands at a moment when the AI conversation has moved decisively from experimentation to control. The magazine’s Spring 2026 cover story captures a hard truth: AI agents are no longer harmless copilots, but software actors with access, autonomy, and consequences. That...

In 2026, the Microsoft and Cisco certification ecosystems are still among the clearest signals of practical IT competence, but they are no longer static badges. They are evolving credential frameworks shaped by cloud adoption, automation, AI-assisted workflows, and the need for professionals who...

AI in regulated industries is no longer an abstract future — it’s a present-day operational challenge that forces a hard reckoning between speed and restraint. In practice, organizations that move fastest with AI without building governance, provenance, and identity-first protections are already...

A tight cluster of identity, management-plane, and update failures has turned routine admin tasks into a potential path to tenant‑wide catastrophe: a critical Microsoft Entra ID token‑validation flaw that could permit stealthy cross‑tenant impersonation, a high‑impact local...

Microsoft’s upcoming enforcement change for Conditional Access in Entra ID is a clear pivot toward consistency and defense‑in‑depth: policies that target All resources will now be evaluated even when those policies include resource exclusions, and sign‑ins that request only minimal OpenID...

Microsoft’s securityy playbook for 2026 centers on four interlocking priorities that together reframe identity as the primary control plane for defending modern networks: deploy AI-driven protection at operational speed, treat AI agents as governed identities, stitch identity and network...

Microsoft has recorded CVE-2026-20875 as a denial-of-service vulnerability affecting the Local Security Authority Subsystem Service (LSASS), and defenders should treat this as a high-priority availability issue for identity-critical hosts until every affected build is patched. Background /...

Microsoft’s playbook for helping startups move from MVP to mission-critical enterprise software boils down to one simple truth: features are table stakes; trust is the currency that closes large deals. The company’s recent guidance frames enterprise readiness as a composite discipline built on...

Conditional Access in large tenants is often a map of good intentions and accidental complexity, and idPowerApp promises to redraw that map into clear, printable slides so teams can see, reason about, and remediate policy interactions at a glance. Overview Conditional Access (CA) is one of the...

Google’s long-standing rule — that a primary @gmail.com address is effectively permanent — is finally being loosened: users are being given a way to replace their primary Gmail handle with a new @gmail.com address while keeping the same Google Account, data, inbox and sign-in continuity...

Microsoft’s prediction that 2026 will be the year “AI becomes a human partner, not just a tool” crystallizes a shift that’s already visible across research labs, cloud infrastructure, developer platforms and healthcare pilots — and it challenges IT professionals, enterprise architects, and...

Microsoft’s Baseline Security Mode introduces a single, opt‑in “secure‑by‑default” posture for Microsoft 365 that packages identity hardening, file‑safety controls, and meeting‑room device protections into a single, admin‑facing experience — and it arrives with simulation tools and telemetry to...

Arctera’s latest maintenance refresh, Backup Exec 25.1, arrives as a focused, practical upgrade that treats identity protection, Microsoft 365 resilience and ransomware-hardened storage as first-class concerns — not optional extras. The release tightens integration between identity and data...

Microsoft’s Copilot and several related services were knocked offline for many users during a major cloud outage that struck Microsoft’s global edge fabric, producing widespread sign‑in failures, blank admin consoles, and degraded Copilot file actions — an incident that underlines both the power...

Microsoft’s latest push to embed third‑party defenses directly into Microsoft Entra marks a pragmatic shift: identity protection is no longer just about adding conditional access or MFA — it’s about delivering layered, partner‑driven defenses at the points where attackers interact with...

Idemia Public Security’s elevation to a Microsoft Entra Verified ID launch partner marks a deliberate step in the identity industry's pivot from brittle, password-centric workflows to cryptographically anchored, verification-driven credentials—and the move highlights both immediate operational...

On October 29, 2025, a configuration error inside Microsoft’s global edge fabric sent a shockwave through the internet: Microsoft Azure, Microsoft 365, Xbox Live and dozens of third‑party customer sites — from Starbucks and Kroger to airlines and airport systems — suffered hours‑long...