US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
Discover how the US Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication.
Storm-2372 conducts device code phishing campaign
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams.
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
5 ways to secure identity and access for 2024
To confidently secure identity and access at your organization, here are five areas Microsoft recommends prioritizing in the new year.
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
To help our customers be secure by default, we’re rolling out Microsoft managed Conditional Access policies that will automatically protect tenants.
Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID
Microsoft Entra is unifying identity and network access with a new Security Service Edge (SSE) solution and more identity innovations.