Authentication
Microsoft 365 to block file access via legacy auth protocols by default
Microsoft has announced that it will start updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. These changes will also address application access permissions that can expose organizations to unnecessary security risks. The rollout is set to begin in mid-July 2025, […]
Microsoft confirms auth issues affecting Microsoft 365 users
Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. As the company revealed earlier today in an incident alert published in the admin center, users may experience errors during self-service password resets and when viewing or registering authentication methods in MySignIns, while admins may be unable to add multi-factor authentication […]
Microsoft fixes Windows Server auth issues caused by April updates
Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. Platforms affected by these problems include Windows Server 2016, Windows Server 2019, Windows Server 2022, and the latest version, Windows Server 2025. However, as Microsoft further explained when it acknowledged this known issue in early […]
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration. As the company highlighted in a security advisory released today, organizations […]
Microsoft: April updates cause Windows Server auth issues
Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. The list of impacted platforms includes Windows Server 2016, Windows Server 2019, Windows Server 2022, and the latest version, Windows Server 2025. However, as the company further explained, home users are unlikely to be affected by this […]
Microsoft makes all new accounts passwordless by default
Microsoft has announced that all new Microsoft accounts will be “passwordless by default” to secure them against password attacks such as phishing, brute force, and credential stuffing. The announcement comes after the company started rolling out updated sign-in and sign-up user experience (UX) flows for web and mobile apps in March, optimized for passwordless and passkey-first authentication. […]
Microsoft fixes auth issues on Windows Server, Windows 11 24H2
Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. According to Redmond, these authentication issues impact both client (Windows 11, version 24H2) and server (Windows Server 2025) platforms, albeit only in some niche scenarios. On affected systems, users experience problems because […]
Microsoft links recent Microsoft 365 outage to buggy update
Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication. According to an incident report published in the Microsoft 365 admin center on Saturday at 09:29 PM UTC, the incident also triggered Teams and Power Platform degraded functionality and caused Purview access issues and errors. […]
Microsoft fixes Entra ID authentication issue caused by DNS change
Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company’s Seamless SSO and Microsoft Entra Connect Sync. In an update to its Azure status page, Microsoft says these problems were caused by a recent DNS change that triggered DNS resolution failures for the autologon.microsoftazuread.sso.com domain when customers tried to […]
Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat […]