
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China ... continue reading
GA: System-preferred multifactor authentication
In previous blogs, we've emphasized the importance of multifactor authentication (MFA). Today, organizations and end users are using various authentication methods, providing varying levels of security. Users often choose less secure MFA methods, despite having access to more secure options due ... continue reading
Modernizing Authentication Management
We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert. The General Availability of Converged ... continue reading

How Microsoft can help you go passwordless this World Password Day
It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that ... continue reading
Building Stronger Identity Solutions with New Microsoft Entra Integrations
I’m excited by this year’s RSA theme of “Stronger Together.” In the Identity and Network Access Division, we believe that everyone must work together to make the world a safer place for all. Leading up to RSA this year, the ... continue reading
Microsoft Entra Change Announcements – March 2023 Train
Hello everyone, Today, we're sharing our March train for feature and breaking changes. We also communicate these changes on release notes and via email. We are continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, ... continue reading

MERCURY and DEV-1084: Destructive attack on hybrid environment
Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading
Quick Wins to Strengthen Your Azure AD Security
Every organization strives to reduce the attack surface of their infrastructure to make it secure and reliable. As team members of the Microsoft Global Compromise Recovery Security Practice (CRSP), we’ve seen time and time again that by improving the ... continue reading
Latest Microsoft Entra advancements strengthen identity security
If you read behind the attention-grabbing headlines, most novel techniques rely on compromised identities.1 In fact, of all the ways an attacker can get into your digital estate, identity compromise is still the most common.2 This makes identity your first ... continue reading

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
Adversary-in-the-middle (AiTM) phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality. DEV-1101 is an actor tracked by Microsoft ... continue reading