Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution
In our previous blog, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access. This blog continues the series around Microsoft’s new SSE solution, where we’ll take a ... continue reading

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, ... continue reading

Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in ... continue reading

Flax Typhoon using legitimate software to quietly access Taiwanese organizations
Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
MDE Device Control – Leveraging Reusable Settings in Intune
Introduction Hello everybody! We are Jorge Miguel Ferreira and Sebastian Werner and we’re consultants at Microsoft. This blog post will show you how to set up Microsoft Defender for Endpoint (MDE) Device Control Removable Storage Access Control (LINK Microsoft Defender ... continue reading
Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things
The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things (IoT) devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices ... continue reading
Microsoft Entra ID Governance Introduces Two New Features in Access Reviews
As announced on June 7, 2023, Microsoft Entra ID Governance is now generally available, and with it a set of new capabilities to empower businesses in their pursuit of streamlined access management. This includes machine learning (ML) powered access review ... continue reading

Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before ... continue reading

Meet unprecedented security challenges by leveraging MXDR services
We know customers of every size face ever-increasing security risks. In just the last 12 months the speed of attackers leveraging breaches is also increasing, as it only takes 72 minutes on average for an attacker to access private data ... continue reading

New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. We shared ... continue reading