https://security.libredevops.orgAggregated Microsoft security news and advisoriesMicrosoft Security News FeedenMon, 18 May 2026 20:05:17 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/agent-365-connector-monitor-hunt-and-investigate-ai-agent/ba-p/4520836https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/agent-365-connector-monitor-hunt-and-investigate-ai-agent/ba-p/4520836As enterprises scale the use of AI agents, SOC teams need visibility into AI agent behavior. The Agent 365 connector, now in public preview, streams rich agent telemetry from Agent 365 into Microsoft Sentinel data lake. Agent activity, such as agent data exposure or access drift, is surfaced...RGuptaMicrosoft SentinelAI SecuritySecurity OperationsAI SecurityGovernance / ComplianceSIEM / XDREndpoint SecurityIdentity SecurityMon, 18 May 2026 16:05:15 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/18/how-to-better-protect-your-growing-business-in-an-ai-powered-world/https://www.microsoft.com/en-us/security/blog/2026/05/18/how-to-better-protect-your-growing-business-in-an-ai-powered-world/See how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared first on Microsoft Security Blog.Alym RayaniGeneral SecurityGeneral SecurityMon, 18 May 2026 16:00:00 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/introducing-selective-response-actions-for-high-value-assets-in/ba-p/4512175https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/introducing-selective-response-actions-for-high-value-assets-in/ba-p/4512175Deploying Microsoft Defender on high-value assets (HVAs) such as domain controllers, ADFS servers, and other Tier-0 systems, requires a thoughtful approach to balance strong protection with operational stability. Given the powerful response capabilities available, organizations often seek greater...amibarayevMicrosoft Defender for EndpointEndpoint SecurityGovernance / ComplianceMon, 18 May 2026 15:50:40 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available.MicrosoftMicrosoft Security Response CenterVulnerability ManagementMon, 18 May 2026 14:00:00 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897Updated FAQ information. This is an informational change only.MicrosoftMicrosoft Security Response CenterVulnerability ManagementMon, 18 May 2026 14:00:00 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42822https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42822Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.MicrosoftMicrosoft Security Response CenterVulnerability ManagementMon, 18 May 2026 14:00:00 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177Update the Security Updates table to remove incorrectly added softwareMicrosoftMicrosoft Security Response CenterVulnerability ManagementMon, 18 May 2026 14:00:00 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43308https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43308Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementMon, 18 May 2026 08:39:12 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/build-a-local-microsoft-sentinel-triage-agent-in-vs-code-copilot/ba-p/4520486https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/build-a-local-microsoft-sentinel-triage-agent-in-vs-code-copilot/ba-p/4520486Modern SOC work is not limited by data—it’s limited by the friction of collecting it. This post shows a local-first workflow that lets you investigate Microsoft Sentinel incidents from inside VS Code using GitHub Copilot Chat for reasoning and a small, deterministic MCP toolset for evidence...absharanMicrosoft EntraMicrosoft SentinelIdentity SecuritySIEM / XDRThreat IntelligenceSecurity OperationsMon, 18 May 2026 04:28:02 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8328https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8328Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSun, 17 May 2026 08:01:51 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8368https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8368Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSun, 17 May 2026 08:01:34 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7210https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7210Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSun, 17 May 2026 08:01:28 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44283https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44283Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSun, 17 May 2026 08:01:23 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46483https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46483Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSun, 17 May 2026 08:01:17 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44662https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44662Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:05:37 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42946https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42946Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:05:06 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42934https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42934Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:55 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40460https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40460Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:45 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6477https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6477Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:33 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6637https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6637Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:28 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6638https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6638Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:06 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6473https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6473Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:04:00 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6478https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6478Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:03:55 GMThttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44673https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44673Information published.MicrosoftMicrosoft Security Response CenterVulnerability ManagementSat, 16 May 2026 08:03:48 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-microsoft-defender-used-predictive-shielding-to-proactively/ba-p/4519498https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-microsoft-defender-used-predictive-shielding-to-proactively/ba-p/4519498Modern ransomware attacks are increasingly designed to blend in with normal IT operations, using trusted administrative tools to quietly weaken defenses and distribute malicious payloads at scale. In a recent real‑world incident, a human‑operated ransomware actor attempted to do exactly that by...AvivSharonMicrosoft Defender for EndpointEndpoint SecurityThu, 14 May 2026 17:01:07 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/14/defense-in-depth-autonomous-ai-agents/https://www.microsoft.com/en-us/security/blog/2026/05/14/defense-in-depth-autonomous-ai-agents/As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first on Microsoft Security Blog.Alyssa Ofstein and Elliot H OmiyaGeneral SecurityIdentity SecurityThu, 14 May 2026 16:00:00 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular...Microsoft Threat IntelligenceGeneral SecurityThreat IntelligenceThu, 14 May 2026 15:00:00 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/14/configuration-becomes-vulnerability-exploitable-misconfigurations-ai-apps/https://www.microsoft.com/en-us/security/blog/2026/05/14/configuration-becomes-vulnerability-exploitable-misconfigurations-ai-apps/Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI...Microsoft Defender Security Research Team and Yossi WeizmanGeneral SecurityVulnerability ManagementThu, 14 May 2026 14:20:55 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/tls-certificate-pinning-and-best-practices-in-azure-open-source/ba-p/4519531https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/tls-certificate-pinning-and-best-practices-in-azure-open-source/ba-p/4519531TLS certificate pinning in Azure Database for PostgreSQL and MySQL Transport Layer Security (TLS) encrypts data in transit between client applications and the server and authenticates the service endpoint in client-server authentication. Azure Database server certificates are issued by well-known...TameikaLGeneral SecurityIdentity SecurityEndpoint SecurityGovernance / ComplianceThu, 14 May 2026 00:53:22 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/check-this-out-cto-guide-april-2026/ba-p/4519149https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/check-this-out-cto-guide-april-2026/ba-p/4519149Member: TysonPaul | Microsoft Community Hub Announcing Public Preview for Essential Machine Management Team Blog: Azure Governance and Management Author: Meagan McCrory Published: 04/06/2026 Summary: Microsoft has announced the public preview of Essential Machine Management within Azure’s Compute...TysonPaulMicrosoft IntuneMicrosoft EntraIdentity SecurityIncident ResponseGovernance / ComplianceThreat IntelligenceEndpoint SecuritySecurity OperationsVulnerability ManagementWed, 13 May 2026 03:25:05 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/12/accelerating-detection-engineering-using-ai-assisted-synthetic-attack-logs-generation/https://www.microsoft.com/en-us/security/blog/2026/05/12/accelerating-detection-engineering-using-ai-assisted-synthetic-attack-logs-generation/What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data. The post Accelerating detection engineering using AI-assisted synthetic attack logs...Microsoft Defender Security Research TeamGeneral SecuritySecurity OperationsTue, 12 May 2026 22:53:09 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). The post Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark appeared first on Microsoft Security Blog.Taesoo KimGeneral SecurityGeneral SecurityTue, 12 May 2026 22:00:00 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/12/defending-consumer-web-properties-against-modern-ddos-attacks/https://www.microsoft.com/en-us/security/blog/2026/05/12/defending-consumer-web-properties-against-modern-ddos-attacks/Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation. The post Defending consumer web properties against modern DDoS attacks appeared first on Microsoft Security Blog.Kumar SrinivasamurthyGeneral SecurityGeneral SecurityTue, 12 May 2026 16:00:00 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling,...Microsoft Incident ResponseGeneral SecurityIncident ResponseThreat IntelligenceTue, 12 May 2026 15:00:00 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/triggering-azure-functions-from-blob-storage-using-event-grid/ba-p/4518184https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/triggering-azure-functions-from-blob-storage-using-event-grid/ba-p/4518184Overview Modern workloads increasingly rely on reacting to files as soon as they arrive in Azure Blob Storage. While Azure provides multiple ways to trigger computing from blob operations, choosing the right event-driven pattern is not always straightforward—especially in enterprise environments...AndrewCoughlinGeneral SecurityEndpoint SecurityMon, 11 May 2026 20:24:17 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-in-microsoft-sentinel-rsac-2026/ba-p/4503971https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-in-microsoft-sentinel-rsac-2026/ba-p/4503971Security is entering a new era, one defined by explosive data growth, increasingly sophisticated threats, and the rise of AI-enabled operations. To keep pace, security teams need an AI-powered approach to collect, reason over, and act on security data at scale. At RSA Conference 2026 (RSAC), we’re...spalaniMicrosoft SentinelMicrosoft PurviewMicrosoft EntraSIEM / XDRSecurity OperationsGovernance / ComplianceThreat IntelligenceIdentity SecurityEmail SecurityMon, 11 May 2026 16:13:09 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unprivileged user to root and may be leveraged after initial...Microsoft Defender Security Research TeamGeneral SecurityVulnerability ManagementFri, 08 May 2026 17:12:46 GMThttps://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. The post When prompts become shells: RCE vulnerabilities in AI agent frameworks appeared first on Microsoft...Microsoft Defender Security Research Team, Uri Oren, Amit Eliahu and Dor EdryAI SecurityAI SecurityThu, 07 May 2026 20:22:39 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/better-together-with-azure-waf-microsoft-defender-for-storage/ba-p/4517101https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/better-together-with-azure-waf-microsoft-defender-for-storage/ba-p/4517101Authored by: Fernanda_Vela​ , saikishor​, Yura_Lee​ Reviewed by: YuriDiogenes​, Mohit_Kumar​, Amir_Dahan​, eitanbremler​ , Kitt_Weatherman​ Introduction Often, customers ask why additional workload protection is needed when a web application firewall is already in place. Azure Web Application...Yura_LeeMicrosoft Defender for CloudCloud SecurityThreat IntelligenceSecurity OperationsEmail SecurityIdentity SecurityWed, 06 May 2026 17:22:23 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/extending-sentinel-data-integration-azure-blob-storage-support/ba-p/4516896https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/extending-sentinel-data-integration-azure-blob-storage-support/ba-p/4516896As organizations scale their security operations, the ability to ingest, process, and analyze high volumes of data reliably becomes increasingly critical. Microsoft Sentinel continues to expand its ecosystem through the Codeless Connector Framework (CCF), enabling ISVs to build and deliver...JesseKopaviMicrosoft SentinelIncident ResponseSIEM / XDRSecurity OperationsTue, 05 May 2026 16:00:00 GMThttps://blogs.microsoft.com/blog/2026/05/05/how-frontier-firms-are-rebuilding-the-operating-model-for-the-age-of-ai/https://blogs.microsoft.com/blog/2026/05/05/how-frontier-firms-are-rebuilding-the-operating-model-for-the-age-of-ai/Updated May 11, 2026: The post was updated to reflect that third-party plugins will be available starting May 12, 2026. Spend time with any software engineering team right now and you’ll see something worth paying attention to. Over the last few years, the way software gets built has moved through...Jared SpataroGeneral SecurityGeneral SecurityTue, 05 May 2026 10:00:01 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-in-microsoft-sentinel-april-2026/ba-p/4516354https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-in-microsoft-sentinel-april-2026/ba-p/4516354Welcome to the April 2026 edition of What's new in Microsoft Sentinel. April brings a broad set of updates, with RSAC 2026 announcements rolling out alongside new features. Highlights include cost limit enforcement to prevent runaway query costs, curated open-source intelligence in Threat...vkokkengadaMicrosoft SentinelMicrosoft EntraSIEM / XDRSecurity OperationsIdentity SecurityThreat IntelligenceGovernance / ComplianceMon, 04 May 2026 21:55:19 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-customer-newsletter/ba-p/4516842https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-customer-newsletter/ba-p/4516842What's new in Defender for Cloud? Container runtime anti-malware detection and blocking and DNS Detection for Kubernetes is now GA in Defender for Containers for AKS, EKS, and GKE. Learn more about these announcements here and here. Defender for Storage integration in Azure Portal Storage Center...Yura_LeeMicrosoft Defender for CloudCloud SecurityThreat IntelligenceMon, 04 May 2026 16:47:10 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-may-2026/ba-p/4516764https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-may-2026/ba-p/4516764Microsoft DefenderMonthly news - May 2026 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2026. We are now including...HeikeRitterMicrosoft Defender XDRMicrosoft Defender for IdentityMicrosoft Defender for EndpointMicrosoft SentinelMicrosoft Defender for Office 365Microsoft EntraMicrosoft Defender for CloudMicrosoft PurviewSIEM / XDREndpoint SecurityCloud SecurityVulnerability ManagementEmail SecurityGovernance / ComplianceIdentity SecuritySecurity OperationsMon, 04 May 2026 15:24:34 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/purpose-for-your-pki-practical-pki-part-3/ba-p/4512518https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/purpose-for-your-pki-practical-pki-part-3/ba-p/4512518My name is Ron Arestia, and I am a Security Researcher with Microsoft’s Detection and Response Team (DART). We respond to customer cybersecurity incidents to assist with containment and recovery from threat actors. In this brief blog post, we will discuss the “why” behind your PKI. This is part 3...RonArestiaGeneral SecurityIdentity SecurityEndpoint SecurityIncident ResponseThreat IntelligenceMon, 04 May 2026 04:00:00 GMThttps://techcommunity.microsoft.com/t5/azure-network-security-blog/public-preview-managed-identity-support-for-graphical-session/ba-p/4513139https://techcommunity.microsoft.com/t5/azure-network-security-blog/public-preview-managed-identity-support-for-graphical-session/ba-p/4513139Overview Azure Bastion provides secure RDP and SSH access to Azure virtual machines directly via the Azure portal or via the native SSH/RDP client already installed on your local computer. Today, we are introducing public preview for managed identity support for session recording, giving...aarontsangMicrosoft EntraIdentity SecurityThu, 30 Apr 2026 14:05:12 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/hardening-openclaw-on-aks-mitigating-container-escapes-with-kata/ba-p/4516030https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/hardening-openclaw-on-aks-mitigating-container-escapes-with-kata/ba-p/4516030What is OpenClaw, and what security challenges does it pose with container escapes? OpenClaw is an open-source autonomous AI agent designed for power users and developers to automate tasks, such as managing emails, files, and scheduling via chat apps like WhatsApp or Telegram. While OpenClaw...jianshnAI SecurityVulnerability ManagementAI SecurityIdentity SecurityEndpoint SecurityThu, 30 Apr 2026 01:57:02 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/use-data-wrangler-to-streamline-your-microsoft-sentinel-data/ba-p/4490214https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/use-data-wrangler-to-streamline-your-microsoft-sentinel-data/ba-p/4490214One of the many exciting features of the Microsoft Sentinel data lake is a built-in advanced analytics engine, powered by Apache Spark. This Spark cluster has access to data that is within Sentinel data lake, and can work with this data through Jupyter notebooks in Visual Studio Code. As with any...David HoersterMicrosoft SentinelMicrosoft Security CopilotAI SecuritySIEM / XDRIdentity SecuritySecurity OperationsWed, 29 Apr 2026 19:18:17 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-office/granular-email-content-access-with-unified-rbac-now-the-default/ba-p/4505344https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/granular-email-content-access-with-unified-rbac-now-the-default/ba-p/4505344Email investigations are a key part of detecting and responding to phishing and malware. As security workflows continue to evolve, there is an increasing need to align email content visibility more closely with specific roles and scenarios, such as Tier‑1 analysis or specialized workflows like...VipulPandeyMicrosoft Defender for Office 365Microsoft EntraEmail SecurityIncident ResponseSecurity OperationsIdentity SecurityThreat IntelligenceEndpoint SecurityWed, 29 Apr 2026 16:00:00 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-manage-rc4-hardening-definitive-guide/ba-p/4515923https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-manage-rc4-hardening-definitive-guide/ba-p/4515923How to Manage RC4 Hardening – Definitive Guide This article is a technical continuation of the RC4 deprecation / Kerberos hardening work I covered in my previous article last month. If you already went through the “why” (risk of RC4, what changes Microsoft is rolling out, and the high-level...Elanor92General SecurityVulnerability ManagementIdentity SecuritySIEM / XDRWed, 29 Apr 2026 15:59:22 GMThttps://techcommunity.microsoft.com/t5/azure-network-security-blog/general-availability-of-default-ruleset-drs-2-2-for-web/ba-p/4515762https://techcommunity.microsoft.com/t5/azure-network-security-blog/general-availability-of-default-ruleset-drs-2-2-for-web/ba-p/4515762Introduction As attackers continue to evolve their techniques, organizations require web application security that keeps pace with emerging threats without disrupting legitimate traffic. Azure Web Application Firewall (WAF) continues to evolve to meet these demands and now supports Default Rule Set...andrewmathuGeneral SecurityThreat IntelligenceWed, 29 Apr 2026 08:31:47 GMThttps://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/automating-phishing-email-triage-with-microsoft-security-copilot/ba-p/4416559https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/automating-phishing-email-triage-with-microsoft-security-copilot/ba-p/4416559This blog details automating phishing email triage using Azure Logic Apps, Azure Function Apps, and Microsoft Security Copilot. Deployable in under 10 minutes, this solution primarily analyzes email intent without relying on traditional indicators of compromise, accurately classifying benign/junk,...craigfreyman-msftMicrosoft Defender for Office 365Microsoft Security CopilotMicrosoft SentinelEmail SecurityAI SecuritySIEM / XDRSecurity OperationsGovernance / ComplianceWed, 29 Apr 2026 03:50:49 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-january-2026/ba-p/4484885https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-january-2026/ba-p/4484885Microsoft DefenderMonthly news - January 2026 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from December 2025. Defender for...HeikeRitterMicrosoft Defender for Office 365Microsoft Defender XDRMicrosoft Defender for CloudMicrosoft Defender for Cloud AppsMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft IntuneMicrosoft SentinelEmail SecuritySIEM / XDREndpoint SecurityCloud SecuritySecurity OperationsThreat IntelligenceIdentity SecurityVulnerability ManagementTue, 28 Apr 2026 23:33:54 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-ignite-2025-transforming-phishing-response-with/ba-p/4470791https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-ignite-2025-transforming-phishing-response-with/ba-p/4470791Phishing attacks remain one of the most persistent and damaging threats to organizations worldwide. Security teams are under constant pressure to investigate a growing number of user reported phishing emails daily, ensuring accurate verdicts and timely responses. As threats grow in volume and...JeffreyPinkstonMicrosoft Defender for Office 365Microsoft Security CopilotEmail SecurityAI SecuritySecurity OperationsIdentity SecurityTue, 28 Apr 2026 23:31:24 GMThttps://blogs.microsoft.com/blog/2026/04/28/unlocking-human-ambition-to-drive-business-growth-with-ai/https://blogs.microsoft.com/blog/2026/04/28/unlocking-human-ambition-to-drive-business-growth-with-ai/As our customers progress toward becoming Frontier Firms, they are using AI not only to optimize how work gets done, but to reinvent their business on the promise of growth. Organizations can now unlock creativity, accelerate innovation and democratize intelligence by bringing Copilots and agents...Judson AlthoffGeneral SecurityGeneral SecurityTue, 28 Apr 2026 17:34:47 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/microsoft-defender-new-advanced-hunting-enhancements/ba-p/4514654https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/microsoft-defender-new-advanced-hunting-enhancements/ba-p/4514654Co-author: Jeremy Tan As a security analyst who actively hunts for critical threats, one of the most frustrating things that can happen is hitting a limit mid-query or encounter an experience that doesn’t behave as expected. The resulting friction and time spent troubleshooting or navigating takes...Noa_NutkevitchMicrosoft Defender XDRMicrosoft SentinelSIEM / XDRIncident ResponseSecurity OperationsTue, 28 Apr 2026 16:45:15 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/extracting-and-auditing-azure-devops-permissions-at-scale-with/ba-p/4515274https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/extracting-and-auditing-azure-devops-permissions-at-scale-with/ba-p/4515274Introduction Azure DevOps organizations accumulate permissions over time. Groups are created, users are added, Entra (Azure AD) groups are nested into project groups, and team structures evolve. For organizations subject to compliance requirements, security reviews, or simply wanting to understand...skisselMicrosoft EntraIdentity SecurityGovernance / ComplianceEndpoint SecurityTue, 28 Apr 2026 06:38:27 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/assess-secure-boot-status-with-microsoft-defender/ba-p/4510356https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/assess-secure-boot-status-with-microsoft-defender/ba-p/4510356Understanding the Secure Boot certificate challenge Secure Boot is a foundational security feature that validates the integrity of your device's boot process, ensuring only trusted software can run during system startup. This protection has been quietly defending enterprise devices since 2012, but...amitcohenMicrosoft Defender for EndpointEndpoint SecurityMon, 27 Apr 2026 16:38:22 GMThttps://blogs.microsoft.com/blog/2026/04/27/microsoft-sovereign-private-cloud-scales-to-thousands-of-nodes-with-azure-local/https://blogs.microsoft.com/blog/2026/04/27/microsoft-sovereign-private-cloud-scales-to-thousands-of-nodes-with-azure-local/Today, I am pleased to announce that Azure Local now scales to support deployments of up to thousands of servers within a single sovereign environment, allowing organizations to run much larger workloads locally across large-footprint datacenters, industrial environments and edge locations while...Douglas PhillipsGeneral SecurityGeneral SecurityMon, 27 Apr 2026 16:00:03 GMThttps://blogs.microsoft.com/blog/2026/04/27/the-next-phase-of-the-microsoft-openai-partnership/https://blogs.microsoft.com/blog/2026/04/27/the-next-phase-of-the-microsoft-openai-partnership/Amended Agreement Provides Long-Term Clarity The rapid pace of innovation requires us to continue to evolve our partnership to benefit our customers and both companies. Today, we are announcing an amended agreement to simplify our partnership and the way we work together, grounded in flexibility,...Microsoft Corporate BlogsGeneral SecurityGeneral SecurityMon, 27 Apr 2026 13:00:02 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/designing-outbound-connectivity-for-quot-private-subnets-quot-in/ba-p/4514258https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/designing-outbound-connectivity-for-quot-private-subnets-quot-in/ba-p/4514258Why Private Subnets Change Everything Historically, Azure virtual machines relied on default outbound internet access, where the platform automatically assigned a dynamic SNAT IP from a shared pool. This was convenient but problematic: ❌ No deterministic outbound IP addresses ❌ No traffic...alexeyn1Microsoft SentinelGovernance / ComplianceSIEM / XDRSecurity OperationsThreat IntelligenceThu, 23 Apr 2026 21:28:09 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-microsoft-sentinel-training-lab-hands-on/ba-p/4513274https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-microsoft-sentinel-training-lab-hands-on/ba-p/4513274A huge thanks to Paul Kew - this lab wouldn't have been possible without his contributions. Security operations is one of those things that’s hard to learn from slides alone. You need to feel what it’s like to triage a multi-stage incident, tune a noisy detection rule, or trace an attacker pivoting...AndreasKapetaniouMicrosoft Defender XDRMicrosoft SentinelSecurity OperationsSIEM / XDRThreat IntelligenceEndpoint SecurityEmail SecurityIdentity SecurityThu, 23 Apr 2026 08:50:24 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-for-office/declutter-and-defend-reducing-promotional-mail-noise-with/ba-p/4511732https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/declutter-and-defend-reducing-promotional-mail-noise-with/ba-p/4511732Enterprise inboxes are overwhelmed with graymail — legitimate, bulk email like newsletters, vendor promotions, and product updates that isn't malicious but buries the messages that matter. When high volumes of these mails land in the inbox, it crowds out priority communications and can dull...FaithEbenezerOquongMicrosoft Defender for Office 365Email SecurityGovernance / ComplianceThu, 23 Apr 2026 03:59:21 GMThttps://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-mcp-server-with-external-ai-models-claude-for/ba-p/4507013https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-mcp-server-with-external-ai-models-claude-for/ba-p/4507013Security teams are increasingly exploring how AI assistants support them in investigating incidents, asking questions, and exploring their data. At the same time, controlling how data is accessed remains critical. Today, we’re sharing how Sentinel can support a third-party AI assistant like Claude...mcasgrainMicrosoft EntraMicrosoft SentinelIdentity SecuritySIEM / XDRSecurity OperationsWed, 22 Apr 2026 21:35:29 GMThttps://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/from-alert-overload-to-decisive-action-how-security-copilot/ba-p/4504213https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/from-alert-overload-to-decisive-action-how-security-copilot/ba-p/4504213Security and IT teams operate in a constant stream of alerts, incidents, and investigations. As environments expand across identities, endpoints, cloud, and data, the challenge becomes clear: identifying real risk quickly enough to act. Security Copilot agents bring AI directly into the flow of...Lizzie_HeinzeMicrosoft EntraMicrosoft IntuneMicrosoft PurviewMicrosoft Security CopilotMicrosoft Defender for EndpointMicrosoft SentinelIdentity SecurityEndpoint SecurityThreat IntelligenceAI SecurityGovernance / ComplianceSIEM / XDRSecurity OperationsEmail SecurityVulnerability ManagementTue, 21 Apr 2026 22:55:44 GMThttps://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/automate-cybersecurity-at-scale-with-microsoft-security-copilot/ba-p/4394675https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/automate-cybersecurity-at-scale-with-microsoft-security-copilot/ba-p/4394675When we introduced Microsoft Security Copilot last year, we set out to transform the way defenders approach cybersecurity. As one of the industry's first generative AI solutions for security and IT teams, Security Copilot is empowering teams to catch what others miss, respond faster, and strengthen...Dorothy_LiMicrosoft IntuneMicrosoft PurviewMicrosoft Security CopilotMicrosoft EntraSecurity OperationsGovernance / ComplianceThreat IntelligenceAI SecurityIdentity SecurityEmail SecurityEndpoint SecurityVulnerability ManagementTue, 21 Apr 2026 22:29:17 GMThttps://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/security-copilot-for-soc-bringing-agentic-ai-to-every-defender/ba-p/4470187https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/security-copilot-for-soc-bringing-agentic-ai-to-every-defender/ba-p/4470187Cybersecurity has entered an era of relentless complexity. As threat actors increasingly leverage artificial intelligence to automate attacks, evade detection, and scale their tactics, defenders are challenged to keep up. In this new era, security operations centers (SOCs) must transform to not...cristinadagamahMicrosoft Defender XDRMicrosoft Security CopilotMicrosoft SentinelSecurity OperationsSIEM / XDRThreat IntelligenceAI SecurityEmail SecurityGovernance / ComplianceIdentity SecurityIncident ResponseTue, 21 Apr 2026 19:32:47 GMThttps://blogs.microsoft.com/blog/2026/04/21/accelerating-frontier-transformation-with-microsoft-partners/https://blogs.microsoft.com/blog/2026/04/21/accelerating-frontier-transformation-with-microsoft-partners/AI has moved quickly from experimentation to production. Customers want measurable business outcomes, along with security, governance and responsible AI built in from day one. Microsoft partners are a meaningful differentiator to deliver these objectives. They turn ideas into deployable solutions...Nicole DezenGeneral SecurityGeneral SecurityTue, 21 Apr 2026 17:00:03 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/strengthening-identity-resilience-a-deep-dive-into-microsoft/ba-p/4513401https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/strengthening-identity-resilience-a-deep-dive-into-microsoft/ba-p/4513401In the modern security landscape, we often say that "Identity is the new perimeter." We spend significant resources on Conditional Access, Phishing-Resistant MFA, and Identity Protection to keep the "bad guys" out. But what happens when the threat is already inside, or when a legitimate...FarooqueMicrosoft EntraIdentity SecurityEmail SecurityTue, 21 Apr 2026 14:49:07 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/running-multimedia-ai-models-on-container-apps-with-serverless/ba-p/4513063https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/running-multimedia-ai-models-on-container-apps-with-serverless/ba-p/4513063A video format is available for watching. Prerequisites - An Azure account with sufficient permissions to create resources. - Terraform installed on your local machine. Infrastructure Provisioning Clone the Github repository and navigate to the project directory. Initialize Terraform and apply the...HoussemDellaiGeneral SecurityEndpoint SecurityIdentity SecurityMon, 20 Apr 2026 17:14:39 GMThttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/what-changed-in-rc4-with-the-january-2026-windows-update-and-why/ba-p/4504732https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/what-changed-in-rc4-with-the-january-2026-windows-update-and-why/ba-p/4504732In case you haven’t heard, RC4 is not secure and has been deprecated. In this article, I will discuss what changed with the January 2026 Windows Update and why it is important to start auditing and remediate RC4 usage is your environment. Starting with the January 13, 2026, Windows security...Elanor92General SecurityVulnerability ManagementSun, 19 Apr 2026 14:11:51 GMT