Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era

The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data,...

Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era

The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data,...

Azure mandatory multifactor authentication: Phase 2 starting in October 2025

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical, and at Microsoft, your security is our top priority. Microsoft research shows that multi-factor authentication MFA can block more than 99.2% of account...

Azure mandatory multifactor authentication: Phase 2 starting in October 2025

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical, and at Microsoft, your security is our top priority. Microsoft research shows that multi-factor authentication MFA can block more than 99.2% of account...

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures TTPs. While the threat actor has been known for targeting hybrid cloud environments, their...

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures TTPs. While the threat actor has been known for targeting hybrid cloud environments, their...

Microsoft ranked number one in modern endpoint security market share third year in a row

Amidst the backdrop of a surging number of ransomware campaigns worldwide, organizations have increasingly chosen Microsoft Defender’s endpoint security as their preferred solution. It’s engineered to disrupt cyberattacks and not business continuity. As a result, for a third year a row, Microsoft...

Microsoft ranked number one in modern endpoint security market share third year in a row

Amidst the backdrop of a surging number of ransomware campaigns worldwide, organizations have increasingly chosen Microsoft Defender’s endpoint security as their preferred solution. It’s engineered to disrupt cyberattacks and not business continuity. As a result, for a third year a row, Microsoft...

Securing and governing the rise of autonomous agents​​

In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer CISO for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most...

Securing and governing the rise of autonomous agents​​

In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer CISO for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

Quantum-safe security: Progress towards next-generation cryptography

Quantum computing promises transformative advancements, yet it also poses a very real risk to today’s cryptographic security. In the future scalable quantum computing could break public-key cryptography methods currently in use and undermine digital signatures, resulting in compromised...

Quantum-safe security: Progress towards next-generation cryptography

Quantum computing promises transformative advancements, yet it also poses a very real risk to today’s cryptographic security. In the future scalable quantum computing could break public-key cryptography methods currently in use and undermine digital signatures, resulting in compromised...

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures TTPs to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Deskto...

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures TTPs to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Deskto...

Connect with the security community at Microsoft Ignite 2025

In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent. At Microsoft Ignite 2025, we will showcase...

Connect with the security community at Microsoft Ignite 2025

In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent. At Microsoft Ignite 2025, we will showcase...

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

Announcing public preview: Phishing triage agent in Microsoft Defender

Intelligent triage for a more agile, autonomous SOC At Microsoft Secure 2025, we introduced a new wave of innovations across Microsoft Defender aimed at redefining what AI can do for security operations. At the center of these announcements was the launch of 11 Security Copilot agents, each...

Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices

We’re excited to launch Microsoft Secure Future Initiative SFI patterns and practices : a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks the next step in our journey to make our SFI learnings practical for our customers,...

Elevate your protection with expanded Microsoft Defender Experts coverage

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and more accura...

Microsoft Entra Suite delivers 131% ROI by unifying identity and network access

In today’s AI-first world, identity and network access are the first touchpoints for enforcing least privilege and protecting against sophisticated, identity-based attacks—but for many organizations, that defense is fragmented. Siloed teams and disconnected tools create security gaps, operational...

Modernize your identity defense with Microsoft Identity Threat Detection and Response

In today’s fast-evolving landscape, where businesses balance on-premises systems and cloud resources, identity-based cyberthreats are growing more frequent and sophisticated. The question isn’t whether an identity attack will occur—but when. The numbers are staggering: In 2024 Microsoft saw an...

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control TCC, such as files in the Downloads folder, as well as caches utilized by Apple Intelligence. While similar to prio...

Disrupting active exploitation of on-premises SharePoint vulnerabilities

July 23, 2025 update – Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified...

Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI

You can’t protect what you can’t see. Security operations teams have long been faced with the challenge of managing massive, fast-growing datasets, and the cost of scaling traditional data management tools to handle these data volumes has become unsustainable. We’re evolving our industry-leading...

Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense

Microsoft will be at Black Hat USA 2025, August 5–7 in Las Vegas, and we’re bringing you a unified, practitioner-driven experience built around real-world insights, threat intelligence, incident response, and hands-on AI expertise. We believe security teams are strongest when intelligence, tools,...

Transparency on Microsoft Defender for Office 365 email security effectiveness

In today’s world, cyberattackers are relentless. They are often well-resourced, highly sophisticated, and constantly innovating, which means the effectiveness of cybersecurity solutions must be continuously evaluated, not assumed. Yet, despite the critical role email security plays in protecting...

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

Since 2022, the number of human-operated ransomware-linked encounters by organizations surged by 2.75x. Yet, Microsoft Defender for Endpoint has outpaced this rise, reducing the number of successful attacks by 3x, proving its power to turn the tide against evolving cyberthreats.1 Defender for...

Protecting customers from Octo Tempest attacks across multiple industries

In recent weeks, Microsoft has observed Octo Tempest, also known as Scattered Spider, impacting the airlines sector, following previous activity impacting retail, food services, hospitality organizations, and insurance between April and July 2025. This aligns with Octo Tempest’s typical patterns ...

Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra

When Microsoft introduced Microsoft Security Copilot last year, our vision was to empower organizations with generative AI that helps security and IT teams simplify operations and respond faster. Since then, we’ve continuously innovated and learned alongside our customers. They consistently tell ...

​​Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report

We are proud to share that Forrester has named Microsoft a Leader in The Forrester Wave™: Zero Trust Platforms, Q3 2025 report, ranking us highest in the strategy category. With so many strong vendors and solutions in the Zero Trust space, you need solid data to make the right choice for your...

Microsoft expands Zero Trust workshop to cover network, SecOps, and more

Building on identity, devices, and data, the workshop now covers network, infrastructure, and SecOps As the nature of cyberthreats and security challenges evolve, organizations have coalesced around a Zero Trust architecture as the approach to modernize their end-to-end security adoption and...

Enhancing Microsoft 365 security by eliminating high-privilege access

In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer CISO for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. This blog is part of an ongoing series where our Deputy CISOs share their...

Learn how to build an AI-powered, unified SOC in new Microsoft e-book

The sheer volume of cyberattacks continues to increase at a breathtaking scale worldwide, with customers facing more than 600 million cybercriminal and nation-state attacks every day.1 To stem the growing tide of malicious cyber activity takes a commitment from all of us—individuals from operatio...

Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers

In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriched threa...

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Since 2024, Microsoft Threat Intelligence has observed remote information technology IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the Democratic People’s Republic of Korea DPRK. Among the changes...

Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT , a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...

Building security that lasts: Microsoft’s journey towards durability at scale ​​

In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer CISO for Azure and operating systems, Mark Russinovich, about how Microsoft operationalized security durability at scale. This blog is part of an ongoing series where our Deputy CISOs share their though...

Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers

The cloud-native application protection platform CNAPP market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published 2025 IDC MarketScape for Worldwide CNAPP, Microsoft has been recognized as a Leader, reaffirming its...

Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​

What is a security operations center? Learn more ↗ Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support security operations centers SOCs’s critical mission. This...

Navigating cyber risks with Microsoft Security Exposure Management eBook

Imagine steering a vessel through Arctic waters where 90% of iceberg mass lies hidden beneath the surface; your lookouts equipped only with telescopes and blind to the submerged threats. This parallels today's cybersecurity landscape: According to the Microsoft Digital Defense Report 2024, nearly...

Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations​​

Seventy-four percent of organizations surveyed experienced at least one data security incident with their business data exposed in the previous year as reported in Microsoft’s Data Security Index: Trends, insights, and strategies to secure data report. Despite the best people, process and...

Cyber resilience begins before the crisis

In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents, particularly surrounding communications. This blog is part of a new, ongoing series where our Deputy...

Connect with us at the Gartner Security & Risk Management Summit

Security professionals visiting booths scattered around a hall, eager for solutions to today’s top cybersecurity challenges to protect their resources and people. The hum of hundreds of conversations. Presenters in packed sessions sharing expertise, trends, and stories to energize attendees. Few...

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

How Microsoft Defender for Endpoint is redefining endpoint security

Securing your digital estate with endpoint detection and response EDR across all platforms, devices, and Internet of Things IoT has never been more challenging. A rapidly evolving cyberthreat landscape has seen cyberattacks grow in sophistication, evolving from randomized single domain cyberattac...