microsoft entra

CVE-2026-28388 is a reminder that not every security flaw needs remote code execution to matter. Even a NULL pointer dereference can become operationally significant when it sits inside a trust-heavy component such as certificate validation, especially if the affected path is tied to revocation...

The Microsoft Azure Administrator Associate credential, better known as AZ-104, has become one of the clearest signals that an IT professional can actually operate inside a modern cloud estate rather than merely talk about one. Microsoft’s current exam guide shows that the certification is built...

Microsoft’s SC-900 certification has become one of the clearest on-ramps into the modern security stack because it teaches the language of security, compliance, and identity before learners ever have to wrestle with advanced administration. For beginners, that matters: the exam is explicitly...

Microsoft’s latest Storm-2755 research is a sharp reminder that payroll fraud has evolved far beyond simple credential theft. In the campaign Microsoft DART analyzed, attackers used malvertising, SEO poisoning, and adversary-in-the-middle (AiTM) phishing to hijack sessions, bypass MFA, and...

The idea that identity governance is “just compliance” is rapidly becoming obsolete. In Microsoft’s latest framing, governance is now one of the operational foundations of Zero Trust, because access decisions have to be continuously justified, time-bound, and revocable across cloud, hybrid, and...

Microsoft’s authentication systems briefly tripped over a dependency on Monday, leaving some North American users unable to complete sign‑ins to Microsoft 365 because Multi‑Factor Authentication (MFA) requests returned 504 “gateway timeout” errors — a disruption Microsoft logged as incident...

Microsoft’s latest push to embed third‑party defenses directly into Microsoft Entra marks a pragmatic shift: identity protection is no longer just about adding conditional access or MFA — it’s about delivering layered, partner‑driven defenses at the points where attackers interact with...

Microsoft is rolling out a hardline browser security change for Microsoft Entra ID sign-ins that will block most externally injected scripts on pages that start with login.microsoftonline.com, enforcing a Content Security Policy (CSP) designed to stop script-injection and cross-site scripting...

Idemia Public Security’s elevation to a Microsoft Entra Verified ID launch partner marks a deliberate step in the identity industry's pivot from brittle, password-centric workflows to cryptographically anchored, verification-driven credentials—and the move highlights both immediate operational...

Microsoft’s claim that it has been named a Leader in the Gartner Magic Quadrant for Access Management for the ninth consecutive year crystallizes a larger narrative: the company is wiring identity into the center of enterprise security as AI accelerates both opportunity and risk. This...

Quest’s product update at Microsoft Ignite 2025 marks a clear push to put generative AI into the middle of identity security for hybrid Microsoft estates — adding AI-written risk summaries, a Security Guardian Agent for Microsoft Security Copilot, workload‑identity coverage for Entra ID, and a...

Microsoft’s Ignite 2025 keynote framed a simple but seismic pivot: AI agents are no longer experimental helpers — they are becoming first-class, identity-backed members of the enterprise, and Microsoft’s Agent 365 is the control plane designed to manage them at scale. This announcement...

RSA’s new RSA ID Plus for Microsoft lineup goes beyond a simple integration — it’s a strategic push to layer enterprise-grade, phishing‑resistant identity controls on top of Microsoft Entra ID while promising operational resilience for environments that still rely on legacy, on‑premises, and...

Microsoft has begun rolling out SMS-based self-service password reset for Microsoft Entra External ID, adding a phone-based recovery option to the External ID SSPR flow while pairing the capability with built-in telecom fraud protections and per-message billing for SMS verification attempts...

Microsoft’s move away from a traditional VPN toward an identity-first Security Service Edge—branded internally as Global Secure Access (GSA) and externally as Microsoft Entra Internet Access and Microsoft Entra Private Access—represents a major operational and architectural shift for large...

Workday and Microsoft have announced a practical, identity-first integration that lets organizations register, verify, and govern AI agents alongside human employees by linking Microsoft’s agent runtime and identity tooling with Workday’s new Agent System of Record (ASOR), enabling agents built...

Workday and Microsoft have quietly stepped into the next phase of enterprise automation: they’re building the plumbing to let agentic AI workers — digital agents created in Microsoft’s developer ecosystem — obtain verified identities, join a corporate directory, and be managed alongside human...

Microsoft’s enterprise backup story just took a meaningful step: Windows Backup for Organizations — the tenant-scoped backup and restore experience Microsoft built to ease device refreshes and large-scale Windows migrations — is being exposed to Intune administrators and moving into wider...

Microsoft's new Windows Backup for Organizations landed in Microsoft’s enterprise rollout this summer, promising a way for managed tenants to preserve a user’s Windows settings and Microsoft Store app list in the cloud and replay that state automatically during device enrollment — but it is...

Microsoft’s new Windows Backup for Organizations lands in the enterprise as a tightly scoped, Intune-integrated way to preserve Windows settings and Microsoft Store app lists in the cloud — but it is not a replacement for disk imaging, file-level backups, or full disaster recovery. Background /...