Mdm Security
The latest Mdm Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Retires Azure NPM on Windows: AKS Users Must Rebuild Pod Security by 2026
Microsoft is retiring Azure Network Policy Manager for Windows nodes in AKS on September 30, 2026, with no direct, first-party replacement. The official Cilium migration path works only for Linux, forcing mixed-cluster operators to plan a separate Windows workstream. This article outlines a practical inventory-classify-test approach to safeguard pod-level security using Calico and NSGs before the deadline.
Windows Server 2022 Security Patches Will Remain Free Until 2031, Microsoft Confirms
Microsoft has clarified that Windows Server 2022 will continue receiving free security updates until October 2031, well past its October 2026 mainstream support end date. This gives IT administrators a long runway to plan workload upgrades, but they must be aware of limitations like paid non-security fixes and no new features during extended support.
Your Windows 11 PC might already be encrypted — here's how to avoid getting locked out
With Windows 11 24H2, Microsoft now turns on device encryption automatically during clean installs on compatible hardware. While this protects your data if the PC is lost or stolen, it also creates a single point of failure: the 48-digit recovery key. Many users don't realize they're encrypted until a firmware update or TPM glitch triggers a recovery prompt, and without that key, their files are gone forever. This guide explains how to check your encryption status, find and back up your recovery key, and test it before disaster strikes.
Microsoft’s Entra MFA Shake-Up: Your Deadline is September 2026, Not May 2027
Microsoft is deprecating the custom controls that let third-party MFA providers like Duo and Okta work with Entra ID Conditional Access. From September 30, 2026, you won't be able to add or edit those controls, and they retire completely in May 2027. Organizations must migrate to the new External MFA framework before that editing freeze, following a careful inventory, pilot, and phased rollout plan.
Key Intune Tools Land in Microsoft 365 E3/E5 on August 1, 2026 – What IT Teams Must Do Now
Microsoft will complete the rollout of Intune Suite capabilities into Microsoft 365 E3 and E5 by August 1, 2026. E3 gets Remote Help, Advanced Analytics, and Intune Plan 2; E5 adds Endpoint Privilege Management, Cloud PKI, and Enterprise Application Management. Organizations should audit current licenses, pilot new tools, and avoid canceling add-ons prematurely despite potential savings.
High-Severity 'Copy Fail' Flaw Exposes WSL2 Users to Root Attacks — Patching Steps Inside
Microsoft has disclosed a high-severity Linux kernel vulnerability, CVE-2026-31431 (Copy Fail), which allows local attackers to gain root in WSL2 environments. An exploit has already been confirmed on WSL 2.6.3, and while no official patch is available yet, users and admins must verify their WSL installations, update channels, and prepare to apply the fix as soon as it’s released.
Microsoft’s 2011 Secure Boot Certificates Are Expiring: What Windows Users and Admins Must Do Before June 2026
Microsoft's 2011 Secure Boot certificates expire in June and October 2026, requiring updates to firmware and Windows. Home users should keep Windows and firmware current; IT admins must audit devices, test updates, and plan for hardware that may need replacement. Simply enabling Secure Boot is not enough—organizations must verify new certificates are installed.
Google’s Gemini Enterprise Connector Overhaul Could Break Your Microsoft 365 Integrations – Here’s How to Prepare
Google is rolling out a Gemini Enterprise connector upgrade that forces reauthorization of existing connections, potentially disrupting Microsoft 365 and third-party integrations. IT admins need to audit connectors, prepare for permission prompts, and test workflows to avoid service outages.
Microsoft to Disable RC4 Kerberos Encryption by Mid-2026: What IT Admins Must Do Now
Microsoft announced that by the end of Q2 2026, Active Directory domain controllers will no longer treat RC4 as a default Kerberos encryption type. This article explains the timeline, the impact on organizations, and provides a step-by-step action plan for IT admins—from auditing event logs to remediating legacy accounts and applying Group Policy exceptions—ensuring a smooth transition ahead of the deadline.
Neowin’s New Winget Safety Guide: Why You Should Never Install Apps Without an Exact ID
A new guide from Neowin warns Windows 11 users that installing winget packages without exact IDs can lead to unwanted or malicious software. It recommends a three-step process: search, inspect, and install with precise identifiers to avoid security risks in the growing winget ecosystem.
Android 16 Lock-Screen Flaw Lets Anyone Send Texts via Gemini—Here's How to Block It Now
A lock-screen vulnerability in Android 16 allows anyone with physical access to a phone to send SMS messages via Google Gemini without a PIN, even when the user had revoked messaging permissions. Google is rolling out a fix, but as of July 19 there's no device-by-device confirmation, so affected users should immediately disable Gemini's lock-screen messaging features and check for unauthorized app integrations.
Microsoft Sets Hard Deadline: SMS MFA Retires in Entra ID by 2027, Passkeys Take Over
Microsoft will retire its built-in SMS and voice MFA for Entra ID on February 1, 2027, forcing organizations to move users to phishing-resistant passkeys or risk account lockouts. The change brings a two-phase rollout starting September 2026, with a hard no-opt-out deadline that requires immediate planning, piloting, and communication.
Office LTSC 2021’s Final Countdown: Plan Your Exit Before the 2026 Security Shutdown
Microsoft will end support for Office LTSC 2021, Project LTSC 2021, and Visio LTSC 2021 on October 13, 2026. After that date, no security updates or technical support will be provided, leaving users at risk. This article explains the practical impact, offers a step-by-step migration plan to Microsoft 365 Apps or Office LTSC 2024, and highlights the special considerations for Project and Visio.