Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China ... continue reading

In previous blogs, we've emphasized the importance of multifactor authentication (MFA). Today, organizations and end users are using various authentication methods, providing varying levels of security. Users often choose less secure MFA methods, despite having access to more secure options due ... continue reading

We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert.    The General Availability of Converged ... continue reading

It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that ... continue reading

I’m excited by this year’s RSA theme of “Stronger Together.” In the Identity and Network Access Division, we believe that everyone must work together to make the world a safer place for all. Leading up to RSA this year, the ... continue reading

Hello everyone,  Today, we're sharing our March train for feature and breaking changes. We also communicate these changes on release notes and via email. We are continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, ... continue reading

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading

Every organization strives to reduce the attack surface of their infrastructure to make it secure and reliable.     As team members of the Microsoft Global Compromise Recovery Security Practice (CRSP), we’ve seen time and time again that by improving the ... continue reading

If you read behind the attention-grabbing headlines, most novel techniques rely on compromised identities.1 In fact, of all the ways an attacker can get into your digital estate, identity compromise is still the most common.2 This makes identity your first ... continue reading

Adversary-in-the-middle (AiTM) phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality. DEV-1101 is an actor tracked by Microsoft ... continue reading