Microsoft 365
Microsoft: Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. Windows 365 is a cloud-based service that runs on Azure Virtual Desktop and allows enterprise customers to stream Windows Cloud PCs to end users under Windows 365 Enterprise or Windows 365 Business subscriptions. The incident began […]
Microsoft to enforce MFA for Microsoft 365 admin center sign-ins
Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. While MFA requirements for the admin center began rolling out in February 2025, Microsoft will now enforce this for all users and block those without MFA enabled from signing in to the Microsoft 365 administrative portal […]
Microsoft cancels plans to rate limit Exchange Online bulk emails
Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on […]
Microsoft Teams to let admins block external users via Defender portal
Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams. The new feature will start rolling out in early January, integrating Microsoft Teams with Defender for Office 365, and enabling admins to manage blocked external contacts through the […]
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing platform. The attacks led to business email compromise, data breaches, and financial losses affecting organizations worldwide. The law enforcement operation was possible thanks to intelligence from Microsoft, shared with the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) via the FBI. The […]
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on Microsoft’s legitimate device login page, unknowingly authorizing an attacker-controlled application and granting them access to the target account without stealing credentials or bypassing multi-factor authentication (MFA). Although the […]
Microsoft to block Exchange Online access for outdated mobile devices
Microsoft announced on Monday that it will soon block mobile devices running outdated email software from accessing Exchange Online services until they’re updated. As the Exchange Team explained, devices running Exchange ActiveSync versions below 16.1 will no longer be able to connect to Microsoft’s cloud email service after March 1, 2026. Exchange ActiveSync (EAS) is a Microsoft Exchange […]
Microsoft 365 license check bug blocks desktop app downloads
Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. As detailed in a Wednesday incident report (OP1192004) seen by GeekFeed, this bug has been impacting users since November 2nd, causing Office Client issues for affected customers. Microsoft has already developed […]
Microsoft is speeding up the Teams desktop client for Windows
Microsoft says it will add a new Teams call handler beginning in January 2026 to reduce launch times and boost call performance for the Windows desktop client. A new process, ms-teams_modulehost.exe, will be used after rollout to handle calling features under the primary ms-teams.exe app process, according to Microsoft. “We’re improving the performance and startup […]
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft 365 accounts. The kit was known for its SVG-based attacks and attacker-in-the-middle (AitM) tactics, where the authentication process is […]