Microsoft 365 Security
The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks
The FBI has issued an urgent public warning about Kali365, a phishing-as-a-service platform that weaponizes device code authentication to steal Microsoft 365 access tokens. The alert, released in May...
Microsoft's Agentic Enterprise Platform Unifies AI Agent Governance Across M365, Azure, and Security
Microsoft is quietly piecing together a comprehensive “agentic enterprise” platform that promises to weave AI agents into the very fabric of corporate computing—and then govern them with an...
Always On, Always Governed: Inside Microsoft Scout's Agent Identity Model
Microsoft took the wraps off Scout on June 2, 2026 at its Build conference, an always-on AI agent for Microsoft 365 that operates with its own governed Entra identity—a major step beyond simple...
MSPs Combat Microsoft 365 Configuration Drift to Stop Silent Security Erosion
When a mid-sized accounting firm underwent a routine cyber insurance assessment, the results shook the IT director. The company’s Microsoft 365 environment, initially configured with strict...
Microsoft Copilot Health Preview Raises HIPAA, Privacy Risks for M365 IT Admins
Microsoft opened the Copilot Health preview to consumer Microsoft 365 subscribers in the United States on May 29, 2026, giving eligible adults the ability to connect medical records, lab results, and...
FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365
The FBI has issued an urgent public warning about a phishing-as-a-service platform called Kali365 that is systematically targeting Microsoft 365 accounts by abusing device-code authentication. The...
Prompt Injection in Copilot Cowork Lets Attackers Steal M365 Files Without Approval
A critical vulnerability in Microsoft's Copilot Cowork agent can be exploited to exfiltrate sensitive Microsoft 365 files, security researchers warned on May 26, 2026. PromptArmor disclosed that by...
CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now
{ "title": "CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now", "content": "Microsoft published CVE-2026-32185 in its Security Update Guide on May 12,...
Word for Android Spoofing Flaw: CVE-2026-41101 Fix via Play Store
Microsoft’s May 2026 security updates include a fix for CVE-2026-41101, a spoofing vulnerability in Word for Android that could undermine trust in the mobile document editing experience. Published...
Microsoft Purview to Reveal Risky AI Prompts in Plaintext by June 2026
Microsoft has confirmed that a powerful new capability is coming to its Purview Insider Risk Management platform, set to roll out between May and June 2026. Enterprise security teams will soon be...
Exchange Online to Block TLS 1.0/1.1 for POP and IMAP by July 2026
Microsoft has set July 2026 as the final cutoff for Exchange Online POP3 and IMAP4 clients that still negotiate Transport Layer Security (TLS) versions 1.0 or 1.1. After that date, every connection...
Bonfy ACS 2.0 Targets Copilot Security Gaps with Agent-First Approach
Bonfy has launched Adaptive Content Security 2.0, positioning it as a critical solution for enterprises grappling with AI security challenges in Microsoft 365 environments. The release comes as...