You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
microsoft 365 security
About this tag
Microsoft 365 security discussions on WindowsForum.com focus on identity posture, OAuth token theft, and device-code phishing attacks targeting Microsoft 365 tenants. Recurring themes include hardening Entra ID consent settings, managing OAuth app trust, and addressing the gap between knowing security baselines and enforcing them continuously. Topics cover phishing-as-a-service platforms like Kali365 and EvilTokens, managed identity security posture management from vendors like Huntress, and the risks of permissive configurations that allow privilege escalation. The tag also touches on AI integrations in Microsoft Teams and certification paths for Microsoft 365 administrators. These threads emphasize that Microsoft 365 security requires proactive configuration management beyond traditional password and MFA defenses.
Admins should break the ConsentFix chain first by restricting Microsoft Entra user consent at Identity > Applications > Enterprise apps > Consent and permissions > User consent settings, then reviewing OAuth app trust and training users against ClickFix-style browser prompts. That order matters...
Anthropic launched Claude Tag in beta for Claude Enterprise and Team customers on June 23, 2026, starting with Slack rather than Microsoft Teams, while Teams users currently have access only through Claude’s Microsoft 365 connector rather than a native in-channel assistant. That distinction...
Huntress announced on June 30, 2026, that Managed Identity Security Posture Management is generally available, bringing a fully managed Microsoft 365 hardening service to its Agentic Security Platform after an Early Access program spanning more than 12,000 tenants. The news is less about another...
On May 21, 2026, the FBI warned that Kali365, a phishing-as-a-service platform promoted through Telegram, is being used to hijack Microsoft 365 accounts by abusing Microsoft’s legitimate device-code sign-in flow and capturing OAuth tokens instead of passwords. That distinction matters because it...
Cisco Talos has identified ARToken, a React-based operator panel tied by infrastructure and API behavior to the EvilTokens phishing-as-a-service ecosystem, exposing more than 80 endpoints for Microsoft 365 device-code phishing, token persistence, mailbox abuse, BEC operations, and SharePoint...
Huntress made Managed Identity Security Posture Management generally available on June 30, 2026, extending its security platform for Microsoft 365 tenants with managed hardening across Entra ID, Exchange, SharePoint, and Teams after an Early Access program covering more than 12,000 tenants. The...
As of June 30, 2026, Microsoft’s AZ-104 remains the Azure administrator exam, MS-102 remains the Microsoft 365 administrator expert exam, and AI-102 reaches its scheduled retirement date, making the once-straightforward choice between cloud operations, AI engineering, and tenant administration...
Huntress says a standard Microsoft 365 user was escalated to Global Administrator in five and a half minutes during a live product-launch demonstration, using no zero-day exploit, only permissive identity settings, an overpowered enterprise application, a service account, and AI-generated...
The FBI warned on May 21, 2026, that Kali365, a phishing-as-a-service platform first observed in April, is targeting Microsoft 365 users by abusing legitimate device-code sign-ins to capture OAuth tokens for Outlook, Teams, OneDrive, and other cloud services without stealing passwords. The...
The FBI warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April and distributed mainly through Telegram, is being used to hijack Microsoft 365 accounts by abusing Microsoft’s legitimate device-code sign-in flow. The important word there is not “phishing.” It is...
Cloud-based security monitoring is essential for K–12 schools using Google Workspace and Microsoft 365 because student data, staff communications, file sharing, identity activity, and app permissions now live inside cloud platforms that traditional perimeter tools cannot continuously see or...
Microsoft 365 security baselines are moving from consultant checklists to operating doctrine in 2026, as Microsoft, CISA, and security practitioners converge on a simple message: tenants must be configured, monitored, and reviewed as living security systems, not as default SaaS subscriptions...
Microsoft Teams is being promoted in a syndicated June 2026 press release as a smarter meeting and collaboration solution for hybrid organizations, but the more important story is how Teams has become the default workplace operating layer for many Microsoft 365 customers. The release says little...
Cybernews researchers reported in mid-June 2026 that an exposed Elasticsearch database briefly left more than 24 billion credential records, roughly 8.3 terabytes of usernames, email addresses, passwords, and login URLs, accessible on the open internet before it was secured. The number is...
Microsoft fixed CVE-2026-42824, a Microsoft 365 Copilot information-disclosure vulnerability disclosed in June 2026, after Varonis researchers described a one-click “SearchLeak” attack chain that abused Copilot Search, browser rendering behavior, and Microsoft service trust to leak enterprise...
Microsoft is expanding Microsoft Purview sensitivity-label enforcement for commercial Microsoft 365 tenants so protected Word, Excel, PowerPoint, and Outlook content can be blocked from Copilot and other connected experiences that analyze files, with rollout expected to complete by the end of...
Microsoft warned in April 2026 that attackers are using cross-tenant Microsoft Teams chats and calls to pose as IT help desks, persuade employees to launch remote-assistance tools such as Quick Assist, and turn ordinary collaboration workflows into entry points for data theft, lateral movement...
Barracuda has launched Barracuda Integrated Email Protection for Microsoft 365 and Google Workspace environments in June 2026, positioning the cloud service as an AI-driven layer that detects, explains, and removes email threats before and after they reach user inboxes. The important word is not...
On May 21, 2026, the FBI’s Internet Crime Complaint Center warned that a phishing-as-a-service platform called Kali365 is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens for Outlook, Teams, OneDrive, and related cloud services. The warning...
The FBI issued a May 21, 2026, public warning that Kali365, a phishing-as-a-service kit first seen in April 2026, is targeting Microsoft 365 users by abusing OAuth device-code sign-ins to seize access tokens for Outlook, Teams, and OneDrive without stealing passwords. This is not another clumsy...