Microsoft 365 Security
The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Copilot Studio's maker auth model enables prompt injection attacks across enterprise tools and connectors.
Microsoft's Copilot Studio agents are becoming a staple in enterprise automation, but security researchers are raising alarms about a critical design flaw: the way these agents authenticate and...
Microsoft's zero-trust stack gives every AI agent in Windows 365 a unique identity.
AI agents are reshaping enterprise productivity—but without rigorous security, they’re a liability. Satya Nadella, Microsoft CEO, recently stressed that companies must manage AI agents with...
Nation-state groups exploit weak M365 admin controls—eight-step blueprint to prevent full tenant takeover
By 2026, a single compromised Microsoft 365 global administrator account hands an attacker the keys to read every email, exfiltrate terabytes of sensitive files and disable every security control...
Pax8 Partners Gain Recurring Revenue with inforcer Copilot Readiness Service
Pax8 announced on June 9, 2026, that it will integrate inforcer into its cloud marketplace this summer, giving managed service providers (MSPs) a streamlined way to deliver Microsoft 365 security,...
Microsoft 365 Baseline Security Mode: One-Click Hardening with Legacy Exclusions
Microsoft has quietly rolled out Baseline Security Mode, a new opt-in feature in the Microsoft 365 admin center that allows organizations to apply a comprehensive set of security recommendations with...
Microsoft Teams Phishing Attack Bypasses MFA via Fake IT Chat
Attackers are exploiting Microsoft Teams to pose as IT support, trick users into granting external access, and bypass multi-factor authentication protections. On June 8, 2026, Palo Alto Networks'...
Inforcer Debuts Microsoft 365 Threat Detection Platform for MSPs
Inforcer on June 8, 2026, unveiled a dedicated threat detection and response platform engineered specifically for managed service providers (MSPs) safeguarding Microsoft 365 environments. The launch...
Fire and Emergency NZ Blocks Document Downloads to Personal Devices from June 2026
{ "title": "Fire and Emergency NZ Blocks Downloads to Personal Devices (Browser-Only Access)", "content": "Fire and Emergency New Zealand (FENZ) has announced it will prevent users from...
AI Governance: Monitoring Human-AI and Agent-to-Agent Conversations in Microsoft 365
Theta Lake dropped a bombshell on the compliance world this week. The California-based collaboration security vendor declared that organizations must start treating “aiComms”—human-to-AI and...
CVE-2026-48579 Exchange Online Info Disclosure: What Administrators Need to Know
Microsoft has officially listed CVE-2026-48579 as an information disclosure vulnerability affecting Microsoft Exchange Online, according to a recent entry in the Security Update Guide. The...
Malicious Microsoft 365 Logins Surge 25% from US, UK—Stop Trusting Low-Risk Country Checkmarks
Malicious login attempts targeting Microsoft 365 accounts from the United States and United Kingdom soared by roughly 25 percent in April 2026, according to new data from Barracuda Networks. The...
Huntress Flags Rampant M365 Identity Gaps: MFA Neglect, Admin Overprivilege, Weak Passwords
Huntress has released alarming findings from the initial deployment of its new Identity Security Posture Management (ISPM) tool, revealing pervasive misconfigurations across Microsoft 365...