microsoft 365 security

The FBI warned on May 21, 2026, that Kali365, a phishing-as-a-service platform distributed primarily through Telegram, is being used to hijack Microsoft 365 accounts by abusing OAuth device code authentication and stealing access tokens without capturing passwords. The warning matters because it...

The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...

Most Copilot Studio agents in production today can read internal business content, invoke tools, run workflows, and authenticate to connected services through either end-user credentials or the maker’s stored credentials, creating a June 2026 enterprise risk in which prompt injection can turn a...

inforcer launched an early-access Threat Detection and Response platform for managed service providers at Pax8 Beyond in Salt Lake City in June 2026, extending its Microsoft 365 tenant-management product into monitoring, containment, incident workflow, and customer reporting. The move is not...

Pax8 said on June 9, 2026, that it will add inforcer to the Pax8 Marketplace this summer, giving managed service providers a new way to buy and deploy Microsoft 365 security, governance, and Copilot-readiness tooling for small and midsize business customers. The announcement is not simply...

Microsoft CEO Satya Nadella said in a “Possible Podcast” episode posted Friday that companies should manage AI agents with identities, permissions, sandboxes, policies, and audits, framing them less as chatbots and more as non-human workers inside enterprise systems. The remark sounds tidy...

For most organizations in 2026, Microsoft 365 is no longer merely Office in a browser but the operating layer for identity, email, collaboration, device policy, security tooling, compliance workflows, and increasingly AI-assisted business processes. That makes the old mental model dangerously...

Pax8 said on June 9, 2026, that it will add inforcer to the Pax8 Marketplace this summer, giving managed service providers a new route to buy and deploy Microsoft 365 security, governance, and Copilot-readiness tooling for small and midsize business customers. The announcement is not merely...

Pax8 said on June 9, 2026, that it will add inforcer to the Pax8 Marketplace this summer, giving managed service providers a new route to buy and deploy Microsoft 365 security, governance, and Copilot-readiness tooling for SMB customers. The announcement is not merely another vendor listing in a...

Microsoft 365 Baseline Security Mode is an opt-in security bundle in the Microsoft 365 admin center that centralizes recommended controls across authentication, files, Exchange Online, SharePoint, OneDrive, Teams, and Entra ID for tenant administrators. That sounds like a switch, and Microsoft...

inforcer announced Threat Detection and Response for Microsoft 365 MSPs on June 9, 2026, following its unveiling at Pax8 Beyond in Salt Lake City, positioning the early-access product as a multi-tenant security layer for detecting, containing, and learning from attacks across Microsoft 365...

On June 8, 2026, Palo Alto Networks Unit 42 warned that attackers are increasingly using Microsoft Teams chats to impersonate IT support staff, trick employees into accepting external conversations, and manipulate them into approving MFA prompts or visiting credential-harvesting pages. The core...

Inforcer launched a threat detection and response platform on June 8, 2026, aimed at helping managed service providers detect, investigate, and respond to attacks across Microsoft 365 environments from a multi-tenant security console. The move matters because Microsoft 365 has become both the...

Fire and Emergency New Zealand will stop people downloading its documents to personal devices through SharePoint, OneDrive, and Microsoft Teams from 5pm on 8 June 2026, while preserving existing browser-based viewing and editing permissions for staff and external partners. The move is not a ban...

Theta Lake’s June 5, 2026, argument is that enterprises now need to monitor “aiComms” — human-to-AI and agent-to-agent workplace interactions — as a distinct communications risk category spanning tools such as Microsoft Copilot, Zoom AI Companion, Claude, and Gemini. The important part is not...

Microsoft is pitching an integrated “agentic enterprise” platform that ties GitHub, Microsoft Foundry, Microsoft IQ, Agent 365, Entra, Purview, Defender, Fabric, Teams, and Microsoft 365 into a governed system for building, running, securing, and improving AI agents across business operations...

Microsoft has listed CVE-2026-48579 as a Microsoft Exchange Online information disclosure vulnerability in the Security Update Guide, giving administrators a confirmed cloud-service security issue to track as of June 4, 2026, even though public technical detail remains limited. The important...

Barracuda reported in late May 2026 that malicious Microsoft 365 logins from traditionally low-risk countries, including the United States and United Kingdom, rose by about 25 percent in April, as attackers used legitimate credentials and trusted-looking infrastructure to avoid obvious...

Huntress says early testing of its Identity Security Posture Management capabilities across hundreds of Microsoft 365 environments found frequent identity-control gaps, including weak MFA coverage, insufficient administrator restrictions, user privilege overreach, and missing password policies...

Microsoft announced Autopilot and its first agent, Scout, at Build on June 2, 2026, presenting a new class of Microsoft 365 AI that can remain active across Teams, Outlook, OneDrive, SharePoint, desktop, cloud, and web workflows while taking action without repeated prompts. That is not a...