Managed Identities
The latest Managed Identities coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft's AI Agent Security Playbook: Give Them an Identity, Not a Master Key
Microsoft wants you to stop treating AI agents as just smarter service accounts. On July 16, the company published a detailed security blueprint urging organizations to enforce strict least-privilege...
Microsoft Azure 12-hour outage Feb 2026: config change hit managed identities, VM provisioning
Microsoft's Azure cloud platform experienced a significant, multi-stage outage that began at 19:46 UTC on Monday, February 9, 2026, and wasn't fully resolved until over 12 hours later, impacting...
Azure API Management Policies Now Route REST Calls Straight to Service Bus
Microsoft has introduced a groundbreaking capability in Azure API Management that enables direct publishing of REST messages to Azure Service Bus through built-in policies, eliminating the need for...
Ephemeral Access Model Secures Hybrid Windows; Static Credentials Drop 70%
For many hybrid enterprises, the final and most stubborn step of digital transformation isn't lifting servers or rehosting applications—it's reconciling identity across on-premises Active Directory...
Mandatory MFA Hits Azure CLI and IaC Tools This Autumn: Brace for Impact
Microsoft is set to roll out Phase 2 of its mandatory multi-factor authentication (MFA) enforcement for Azure this autumn, and this time the net is cast far wider than the portal. Starting...
Mandatory MFA Comes to Azure CLI, PowerShell, and IaC Tools—What You Need to Know Before October
Starting in October, Microsoft will begin enforcing multifactor authentication for all write operations performed through the Azure Resource Manager control plane—including Azure CLI, PowerShell,...
Exposed appsettings.json Files Unleash 'Master Key' to Azure Tenants via OAuth Token Abuse
A single, publicly exposed appsettings.json file containing Azure Active Directory (now Entra ID) application credentials can act as a master key to an organization’s entire cloud estate, security...
Microsoft enforces Azure MFA by October 2025 as Meta patches zero-click WhatsApp flaw CVE-2025-55177, making identity the new enterprise perimeter.
Meta has patched a zero-click vulnerability in WhatsApp that could let attackers execute code without any user interaction, while Microsoft will begin enforcing multi-factor authentication (MFA) for...
MFA Mandate Expands to Azure CLI, PowerShell, and IaC: The Clock Ticks for DevOps Migration
Microsoft is extending mandatory multi-factor authentication (MFA) beyond the Azure portal and into the command-line tools and automation interfaces that power cloud operations. Starting with its...
Azure VMs Hit by CVE-2025-53781: Information Disclosure Risk Prompts Urgent Patching
Microsoft has published a security advisory for CVE-2025-53781, warning Azure Virtual Machines users of a critical information disclosure vulnerability that could allow attackers to siphon sensitive...
Azure ML flaw CVE-2023-XXXX lets Reader users escalate to Owner, risking model theft and data breaches.
A critical privilege escalation vulnerability in Azure Machine Learning (AML) has sent shockwaves through the cloud security community, exposing organizations to potential data breaches and...
Azure Misconfigurations Enable Catastrophic Cloud Breaches, New Research Shows
Enterprising threat actors have long sought creative new ways to exploit increasingly complex cloud ecosystems, but a chilling series of events recently unveiled by security researchers at ITM8...