managed identities

Microsoft’s Azure cloud platform suffered a prolonged, multi-stage outage that began at 19:46 UTC on Monday and was not fully resolved until 06:05 UTC the following morning, leaving customers worldwide unable to perform routine virtual machine lifecycle operations and—after a mitigation...

Azure API Management can now push messages directly into Azure Service Bus using a built‑in policy, removing the need for custom SDKs or middleware and making it far easier to build REST‑driven, event‑oriented integrations from API endpoints to asynchronous backends. Background Azure API...

For many hybrid enterprises the last, stubborn step of digital transformation is not lifting servers or rehosting applications — it’s reconciling identity across on‑premises Active Directory and cloud identity platforms so users, services, and workloads can authenticate and authorize reliably...

Microsoft has confirmed that Phase 2 of its mandatory multi‑factor authentication (MFA) enforcement for Azure will begin a tenant‑by‑tenant rollout this autumn, extending MFA requirements from portal sign‑ins down into the Azure Resource Manager (ARM) control plane and affecting command‑line...

Microsoft has confirmed a second phase of mandatory multifactor authentication (MFA) that extends enforcement from Azure’s web admin consoles into the Azure Resource Manager (ARM) control plane — covering Azure CLI, Azure PowerShell, REST management APIs, mobile clients and...

A publicly exposed appsettings.json containing Azure Active Directory (Entra ID) application credentials has opened a direct, programmatic path into affected tenants — a single misconfigured JSON file acting as a master key for cloud estates and enabling attackers to exchange leaked...

A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...

Two parallel announcements from Meta and Microsoft this week — a patched zero-click vulnerability in WhatsApp and a timetable for mandatory multi-factor authentication across Azure — crystallise a single lesson for enterprise security teams: convenience is no longer an acceptable substitute for...

Microsoft has announced that mandatory multi‑factor authentication will soon extend beyond Azure's web consoles to command‑line and programmatic interfaces, forcing a major rethink of developer tooling and automation strategies: starting this enforcement window, any user performing create...

Azure Virtual Machines are affected by an information disclosure vulnerability tracked as CVE-2025-53781, a flaw Microsoft lists in its Security Update Guide that describes the exposure of sensitive information from Azure-hosted virtual machines which could allow an attacker with certain...

A critical privilege escalation vulnerability has been identified in Azure Machine Learning (AML), allowing attackers with minimal permissions to execute arbitrary code within AML pipelines. This flaw, discovered by cloud security firm Orca Security, underscores the importance of stringent...

Enterprising threat actors have long sought creative new ways to exploit increasingly complex cloud ecosystems, but a chilling series of events recently unveiled by security researchers at ITM8 demonstrates just how swiftly multiple small oversights in Microsoft Azure can be woven into an attack...

Azure Managed Identities (MIs) have revolutionized the way applications authenticate to Azure services by eliminating the need for developers to manage credentials directly. This innovation enhances security by reducing the risk of credential leakage. However, recent research has illuminated...

Microsoft is kicking off the year with a bang, unveiling a major feature in its security ecosystem that is bound to make software developers and IT administrators breathe a little easier. Say hello to Managed Identities as Federated Identity Credentials (FICs), now available as a Public Preview...