Updated on 2022-11-23 A crypto-stealing phishing campaign is abusing Microsoft Azure Web Apps service to evade MFA and steal cryptocurrencies from Coinbase, KuCoin, Metamask, and Crypto.com accounts. Read more: Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat Overview: 2FA-bypass phishing campaign PIXM researchers said they are tracking a sophisticated phishing campaign that …
Windows Update for Business reports is now generally available. This evolution of Update Compliance combines organizational and device-level reporting with actionable data and insights. The blog post provides guidance on how to enroll in or transition to Windows Update for Business reports from Update Compliance by January 15, 2023. Take an inside look at revamped …
Microsoft Authenticator App’s number matching is Generally Available! Microsoft will start enabling this critical security feature for all users of the Microsoft Authenticator app.
Your Office 365 subscription is being updated with a new service plan: Information Protection Service. This service plan enables various Microsoft Purview Information Protection features, including native sensitivity labels.
Updated December 27, 2022: We are providing additional guidance for your information: After December 10, admins can turn off account linking using PowerShell script (outlined below). After January 17, the toggle to enable or disable the feature will be available in Microsoft 365 Admin portal Settings page. Until then, please use the PowerShell script. Microsoft …
Updated on 2022-11-02: Microsoft Fixes Vulnerability in Jupyter Notebooks for Azure Cosmos DB Microsoft has fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB. Microsoft says that the missing authentication checks issue was introduced in August. Researchers from Orca reported the flaw to Microsoft in early October; Microsoft fixed the issue two …
Updated November 16, 2022: We have updated this message with additional information for clarity. Thank you for your patience. Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. …
As previously announced, we are introducing a significant change for enterprise Windows devices that have diagnostic data turned on. Currently, to enroll devices in the Window diagnostic data processor configuration option, IT admins can use policies, such as “Allow commercial data pipeline,” at the individual device level.
Update Compliance is being rebranded to Windows Update for Business reports, which was previously announced as Azure Workbooks for Update Compliance. With the general availability coming up in early November, current Update Compliance users are reminded of new eligibility requirements and the steps necessary to get ready for the upcoming improvements. Specifically, CommercialID is being …
Updated on 2022-10-20: Azure Service Fabric Explorer Spoofing Vulnerability A spoofing vulnerability affecting Azure Fabric Explorer versions 8.1.316 and earlier could be exploited to gain full admin privileges. The flaw was detected by researchers from Orca Security and was addressed earlier this month as part of Microsoft’s Patch Tuesday release. Note You applied the October …
Beginning September 15, 2023, the Microsoft Graph service (graph.microsoft.com) will enable HTTP version 2 (HTTP/2) in addition to HTTP/1.1. for API requests.
We are moving the admin configuration of the Azure Information Protection (AIP) Scanner from the Azure portal to the Microsoft Purview compliance portal, and with the migration will be deprecating the Azure Information Protection (AIP) portal on 1/15/2023. This message is associated with Microsoft 365 Roadmap ID 100505. The AIP Scanner admin configuration is currently …
We’re making some changes to improve the security of your tenant. We announced in 2019 that we would be retiring Basic Authentication for legacy protocols, and in September 2021, we confirmed that we would begin to disable Basic Authentication for in-use protocols beginning October 2022.
Updated November 15, 2022: We have determined that this message did not reach the appropriate audience. Please disregard this message. Thank you for your patience. We’re making some changes to how Microsoft 365 Apps choose between the built-in client for sensitivity labels and the legacy Azure Information Protection (AIP) Add-in.
This message is to inform you that the Microsoft Dynamic 365 service is updating how User Management background jobs created within your environment will be processed.
