service principal

Microsoft is taking the first concrete step in its phased enforcement of the dedicated Exchange hybrid app requirement: on September 16, 2025 at 07:00 UTC Microsoft will temporarily block Exchange Web Services (EWS) traffic that uses the Exchange Online shared service principal for hybrid...

Microsoft’s Exchange team published a short but important Hotfix Update (HU) rollup for September 2025 that is aimed at fixing a non‑security issue in earlier updates and, crucially, preserves support for the dedicated Exchange hybrid application workflow introduced earlier in 2025 — the update...

Note: I tried to open the MSRC link you gave . I could not find any published advisory or public record for CVE‑2025‑55244 on Microsoft’s Update Guide or the major CVE/NVD indexes. Instead, Microsoft’s published Azure Bot Framework / Azure Bot Service elevation‑of‑privilege advisories are...

A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...

Microsoft’s Exchange team has given hybrid administrators a clear-but-urgent migration mandate: switch to the dedicated Exchange hybrid app and update on‑prem servers now, or face temporary disruptions in September and October followed by a permanent enforcement that will stop rich coexistence...

A Microsoft Security Update Guide entry for CVE-2025-33051 describes an information disclosure vulnerability affecting Microsoft Exchange Server, and the appearance of that CVE on the vendor’s advisory should put any on‑premises Exchange administrator on high alert. At the time of writing...

A new wave of cybersecurity urgency is sweeping through IT departments as the Cybersecurity and Infrastructure Security Agency (CISA) issues a fresh, high-severity warning concerning Microsoft Exchange Server. The alert, centered around CVE-2025-53786, underscores a newly disclosed vulnerability...

Security researchers have recently uncovered a critical technique that could allow attackers to seize Global Administrator access in Microsoft Entra ID, raising significant concerns across the enterprise security landscape. The vulnerability—first reported by Datadog and detailed in the Petri IT...

Cybersecurity researchers have recently uncovered a sophisticated attack technique that exploits misconfigured Microsoft Azure Arc deployments, enabling adversaries to escalate privileges from cloud environments to on-premises systems and maintain persistent access within enterprise...

For thousands of business users and IT administrators, classic Outlook has long been the backbone of enterprise communication on Windows. Yet, reliability expectations can be derailed by unexpected bugs and sign-in failures, as evidenced by the recent wave of error codes—CAA2000B, 4usqa, and the...

The End of an Era: Microsoft Entra ID’s Move Away from Service Principal-Less Authentication In a rapidly evolving digital landscape, Microsoft’s approach to identity and access management has been a compass for the industry. With the news that Microsoft Entra ID will officially retire service...