Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and…
Category: Microsoft Security Blog
Microsoft Entra Suite delivers 131% ROI by unifying identity and network access
According to a new Forrester Total Economic Impact™ study, organizations using the Microsoft Entra Suite achieved a 131% ROI, $14.4 million in benefits, and payback in less than six months. The post Microsoft Entra Suite delivers 131% ROI by unifying…
Modernize your identity defense with Microsoft Identity Threat Detection and Response
Microsoft’s Identity Threat Detection and Response solution integrates identity and security operations to provide proactive, real-time protection against sophisticated identity-based cyberthreats. The post Modernize your identity defense with Microsoft Identity Threat Detection and Response appeared first on Microsoft Security Blog.…
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow…
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by…
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
We’re evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, in public preview, accelerates AI adoption and drives unparalleled visibility,…
Disrupting active exploitation of on-premises SharePoint vulnerabilities
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security…
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation. The post Microsoft at Black Hat USA…
Transparency on Microsoft Defender for Office 365 email security effectiveness
Microsoft believes in transparently sharing performance data from Microsoft Defender for Office 365, and other ecosystem providers, to help customers evaluate email security solutions and make decisions to layer for defense in depth. The post Transparency on Microsoft Defender for…
Protecting customers from Octo Tempest attacks across multiple industries
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest. The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security…