Enhancing Microsoft 365 security by eliminating high-privilege access
In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. This blog is part of an ongoing series where our Deputy CISOs share their...
Navigating cyber risks with Microsoft Security Exposure Management eBook
Imagine steering a vessel through Arctic waters where 90% of iceberg mass lies hidden beneath the surface; your lookouts equipped only with telescopes and blind to the submerged threats. This parallels today's cybersecurity landscape: According to the Microsoft Digital Defense Report 2024, nearly...
Microsoft partners with Global Anti-Scam Alliance to fight cybercrime
Being the victim of a scam can be devastating. Unfortunately, the number of people who can attest to the truth of this statement, either because they themselves have been scammed or because it has happened to someone they know, is growing. The Global Anti-Scam Alliance (GASA) reports that in 2024...
Transforming public sector security operations in the AI era
The cyberthreat landscape is evolving at an unprecedented pace, becoming increasingly dangerous and complex. Nation-state threat actors and cybercriminals are employing advanced tactics and generative AI to execute highly sophisticated attacks. This situation is further compounded by outdated...
How MSRC coordinates vulnerability research and disclosure while building community
In an era where discovering and rapidly mitigating security vulnerabilities is more important than ever before, the Microsoft Security Response Center (MSRC) is at the center of this work. MSRC focuses on investigating vulnerabilities, coordinating their disclosure, and releasing security updates t...
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
In this article 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...
The threat to critical infrastructure has changed. Has your readiness?
Critical infrastructure (CI) organizations underpin national security, public safety, and the economy. In 2026, the cyber threat landscape facing these sectors is structurally different than it was even two years ago. What Microsoft Threat Intelligence is observing across critical infrastructure...
Applying security fundamentals to AI: Practical advice for CISOs
What to know about the era of AI: The first thing to know is that AI isn’t magic. The best way to think about how to effectively use and secure a modern AI system is to imagine it like a very new, very junior person. It’s very smart and eager to help but can also be extremely unintelligent. Like a...
OAuth redirection abuse enables phishing and malware delivery
Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...
Scaling security operations with Microsoft Defender autonomous defense and expert-led services
Today’s security leaders are operating in an environment of truncated cyberattack timelines with aging defenses built for slower, linear cyberthreats that can no longer keep pace with advanced cyberthreats. AI-powered threat actors now use social engineering and malware that adapt in real time,...
Microsoft SDL: Evolving security practices for an AI-powered world
As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...
Infostealers without borders: macOS, Python stealers, and platform abuse
Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...
Turning threat reports into detection insights with AI
Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data
Generative AI and agentic AI are redefining how organizations innovate and operate, unlocking new levels of productivity, creativity and collaboration across industry teams. From accelerating content creation to streamlining workflows, AI offers transformative benefits that empower organizations ...
Security strategies for safeguarding governmental data
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
Four priorities for AI-powered identity and network access security in 2026
No doubt, your organization has been hard at work over the past several years implementing industry best practices, including a Zero Trust architecture. But even so, the cybersecurity race only continues to intensify. AI has quickly become a powerful tool misused by threat actors, who use it to...
How Microsoft builds privacy and security to work hand-in-hand
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
As cyberthreats become faster, harder to detect, and more sophisticated, organizations must focus on building resilience—strengthening their ability to prevent, withstand, and recover from cybersecurity incidents. Resilience can mean the difference between containing an incident with minimal...
Phishing actors exploit complex routing and misconfigurations to spoof domains
Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of...
Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services
Security teams are being pushed to their limits as AI‑powered cyberattacks grow in speed, scale, and sophistication—and only 14% of organizations surveyed by the World Economic Forum report they feel confident they have the right people and skills needed to meet their cybersecurity objectives.1 A...
New Microsoft e-book: 3 reasons point solutions are holding you back
While patchwork tools slow defenders down and impact visibility into potential cyberthreats, they’re an unfortunate reality for many organizations. As digital risk accelerates and attack surfaces multiply, security leaders are doing their best to stitch together point solutions while trying to...
From awareness to action: Building a security-first culture for the agentic AI era
The insights gained from Cybersecurity Awareness Month, right through to Microsoft Ignite 2025, demonstrate that security remains a top priority for business leaders. It serves as a strategic lever for organizational growth, fosters trust, and facilitates the advancement of AI innovation. The Wor...
Clarity in complexity: New insights for transparent email security
As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together. Benchmarking plays a critical role in helping security leaders understand not just individual...
Stronger together: New Beazley collaboration enhances cyber resilience
Today’s cyberthreat landscape demands more than technical expertise: it requires a unified response team of technical responders, insurers, brokers, and legal counsel. This integrated approach is key to building long-term cyber resilience to help your organization anticipate, withstand, recover...
How to build forward-thinking cybersecurity teams for tomorrow
We are witnessing something unprecedented in cybersecurity: the democratization of advanced cyberattack capabilities. What once required nation-state resources (sophisticated social engineering, polymorphic malware, coordinated infrastructure) now fits in a prompt window. AI is no longer a futurist...
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
I'm deeply grateful to our customers and partners for their continued trust and collaboration. We’re happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year. We feel this recognition underscores the...
Ambient and autonomous security for the agentic era
Over the past year, I've had countless conversations with customers who are striving to unlock human ambition with AI. They are on their journey to become Frontier Firms, where humans and agents push the boundaries of innovation and create new possibilities, empowering humans to become limitless...
Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
The cybersecurity landscape is at a historic inflection point. As cyberattackers wield AI to automate cyberattacks at extraordinary speed and scale, the challenge before us is not just to keep pace—but to leap ahead. There are over four million unfilled cybersecurity jobs, so depending solely on...
Collaborative research by Microsoft and NVIDIA on real-time immunity
AI-Powered Threats Demand AI-Powered Defense. While AI supports growth and innovation, it is also reshaping how organizations address faster, more adaptive security risks. AI-driven security threats, including “vibe-hacking”, are evolving faster than traditional defenses can adapt. Attackers can n...
Whisper Leak: A novel side-channel attack on remote language models
Microsoft has discovered a new type of side-channel attack on remote language models. This type of side-channel attack could allow a cyberattacker in a position to observe your network traffic to conclude language model conversation topics, despite being end-to-end encrypted via Transport Layer...
Learn what generative AI can do for your security operations center
The busier security teams get, the harder it can be to understand the full impact of false positives, queue clutter, tool fragmentation, and more. But what is clear—it all adds up to increased fatigue and an increased potential to miss the cyberthreats that matter most. To help security teams...
Harden your identity defense with improved protection, deeper correlation, and richer context
In today’s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of...
The CISO imperative: Building resilience in an era of accelerated cyberthreats
The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the Chief Information Security...
Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM
We’re honored to share that Microsoft has again been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe this recognition reinforces Microsoft Sentinel's position as an industry-leading, cloud and AI-powered SIEM—designed to...
The importance of hardening customer support tools against cyberattacks
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
Microsoft raises the bar: A smarter way to measure AI for cybersecurity
ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations.1 It helps business leaders assess language models by simulating realistic cyberthreat scenarios and providing clear, actionable insights into...
Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think,...
Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog
Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Whether you’re shaping strategy or working on the front lines, Microsoft Ignite offers direct access to the latest advancements and practica...
Inside Microsoft Threat Intelligence: Calm in the chaos
Leading Through the Worst Day. Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response (IR) team, that chaos is exactly where the work begins. In Episode 1, we showed how Microsoft Threat...
Microsoft named a Leader in the IDC MarketScape for XDR
When cybersecurity stakes are high and complexity is the norm, Microsoft doesn’t just participate, it excels with Microsoft Defender XDR—built to anticipate, disrupt, and outpace modern cyberthreats. We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwi...
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an...
Microsoft Defender delivered 242% return on investment over three years
The latest Forrester Total Economic Impact™ (TEI) study reveals a 242% return on investment (ROI) over three years for organizations that chose Microsoft Defender. It helps security leaders consolidate tools, reduce overhead, and empower their security operations (SecOps) teams with operational...
Azure mandatory multifactor authentication: Phase 2 starting in October 2025
As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical, and at Microsoft, your security is our top priority. Microsoft research shows that multi-factor authentication (MFA) can block more than 99.2% of account...