#microsoft365

The New Oil

@thenewoil.org

3 hours ago

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials.

Authorities disrupt router #DNS hijacks used to steal #Microsoft365 logins

www.bleepingcomputer.com/news/security/authoritie...

#cybersecurity #Microsoft #MikroTik #TPLink #FrostArmada #Russia #FancyBear

Vesa Juvonen

@vesajuvonen.bsky.social

3 hours ago

💡 Did you know you can turn any AI agent into a Microsoft 365 agent?

MK Bajwa shows how the #Agent365 SDK lets you bring external AI agents into #Microsoft365 with identity, governance, and observability.

📺 Watch the demo here → youtu.be/dOcIowhliJ4

Tony Redmond

@office365itpros.com

4 hours ago

Using the Microsoft 365 Connector for Claude The Microsoft 365 Connector for Claude allows Claude to access SharePoint and OneDrive files, emails, and Teams chats and meetings.

Anthrophic now allows any Claude user (even the free plan) to use its #Microsoft365 connector (an MCP client-server setup) to access #Microsoft365 content (Exchange, SharePoint, OneDrive, Teams). Here's how it works: office365itpros.com/2026/04/08/m...

Juan Carlos Gonzalez

@jcgm1978.bsky.social

4 hours ago

Microsoft 365 - Inteligencia multimodal en el Agente Researcher YouTube video by Todo sobre Microsoft 365 | All about Microsoft 365

Microsoft 365 - Inteligencia multimodal en el Agente Researcher youtu.be/Epqxh9MQjls?... #Microsoft365 #Microsoft365Copilot #MVPBuzz

in2success GmbH

@in2success.gmbh

5 hours ago

Microsoft Power Platform Grundlagen – Überblick, Architektur & Best Practices Was ist eigentlich die Microsoft Power Platform – und wofür braucht man welches Produkt? In diesem Grundlagen‑Video gibt dir Daniela Zurwerra (Senior Consultant bei in2success) einen verständlichen…

Du wolltest schon immer mit der Power Platform starten, aber wusstest nie genau wie? 🚀
Dieses Video ist Dein perfekter Einstieg. Daniela Zurwerra erklärt Dir alles verständlich, praxisnah und ohne Technik Overload.
👉 Jetzt anschauen youtu.be/d33K8QuBGXw
#PowerPlatform #LowCode #Microsoft365

Martina Grom ⛅️ 🏃‍♀️ #bekind

@magrom.bsky.social

8 hours ago

Microsoft Teams will finally honor the do not disturb function in Windows. www.microsoft.com/de...
#MicrosoftTeams #Microsoft365

Brink

@shawnbrink.bsky.social

13 hours ago

Microsoft 365 Insider Current Channel (Preview) v2604 build 19929.20032 - April 7 Microsoft 365 Insider: Version 2604 (Build 19929.20032) Source: Release Notes Current Channel (Preview) - Office release notes Update History for Office Current Channel (Preview) - Office release n...

New #Office2021, #Office2024, and #Microsoft365 Current Channel (Preview) version 2604 build 19929.20032 has been released
www.elevenforum.com/t/microsoft-...

@marcor73.bsky.social

16 hours ago

Secure & Governed Data Foundation for Microsoft 365 Copilot - Foundational Deployment Guidance Use this deployment blueprint to help prevent oversharing when using Microsoft 365 Copilot.

Latest enhancements for Copilot security, management, and analytics

Download the blueprint at aka.ms/Copilot/Secu...

techcommunity.microsoft.com/blog/microso...

#Copilot #AI #Security #OverSharing #Purview #Microsoft365

CySecurity News

@cysecuritynews.bsky.social

18 hours ago

Microsoft 365 Accounts Targeted in Large Iran-Linked Cyber Campaign A cyber operation believed to be linked to Iranian threat actors has been identified targeting Microsoft 365 environments, with a primary focus on organizations in Israel and the United Arab Emirates. The activity comes amid ongoing tensions in the Middle East and is still considered active. According to research from Check Point, the campaign was carried out in three separate waves on March 3, March 13, and March 23, 2026. More than 300 organizations in Israel and over 25 in the U.A.E. were affected. Investigators also observed limited targeting in Europe, the United States, the United Kingdom, and Saudi Arabia. The attackers focused on cloud-based systems used across a wide range of sectors, including government bodies, municipalities, transportation services, energy infrastructure, technology firms, and private companies. This broad targeting indicates an effort to access both public-sector systems and critical commercial operations. The primary method used in the campaign is known as password spraying. In this technique, attackers attempt a small number of commonly used passwords across many accounts instead of repeatedly targeting a single account. This approach increases the chances of finding weak credentials while avoiding detection systems such as account lockouts or rate-limiting controls. Security researchers noted that similar techniques have previously been associated with Iranian groups such as Peach Sandstorm and Gray Sandstorm. The current activity appears to follow a structured sequence. It begins with large-scale scanning and password attempts routed through Tor exit nodes to conceal the origin of the traffic. This is followed by login attempts, and in successful cases, the extraction of sensitive data, including email content from compromised accounts. Analysis of Microsoft 365 logs revealed patterns consistent with earlier operations attributed to Gray Sandstorm. Investigators observed the use of red-team style tools and infrastructure, as well as commercial VPN services linked to hosting providers previously associated with Iran-linked cyber activity in the region. To reduce risk, organizations are advised to monitor sign-in activity for unusual patterns, restrict authentication based on geographic conditions, enforce multi-factor authentication for all users, and enable detailed audit logs to support investigation in the event of a breach. Renewed Activity from Pay2Key Ransomware Operation In a related development, a U.S.-based healthcare organization was targeted in late February 2026 by Pay2Key, an Iran-linked ransomware group with connections to a broader threat cluster known by multiple aliases. The group operates under a ransomware-as-a-service model and was first identified in 2020. The version used in this attack represents an upgrade from campaigns observed in July 2025, incorporating improved techniques for evasion, execution, and anti-forensic activity. Reports from Beazley Security and Halcyon indicate that no data was exfiltrated in this instance, marking a shift away from the group’s earlier double-extortion strategy. The intrusion is believed to have begun through an unknown access point. Attackers then used legitimate remote access software such as TeamViewer to establish a foothold. From there, they harvested credentials to move laterally across the network, disabled Microsoft Defender Antivirus by falsely indicating that another antivirus solution was active, and interfered with system recovery processes. The attackers then deployed ransomware, issued a ransom note, and cleared logs to conceal their activity. Notably, logs were deleted at the end of the attack rather than at the beginning, ensuring that even the ransomware’s own actions were removed, making forensic analysis more difficult. The group has also adjusted its affiliate model, offering up to 80 percent of ransom payments, compared to 70 percent previously, particularly for attacks aligned with geopolitical objectives. In addition, a Linux variant of the ransomware has been identified in the wild. This version is configuration-driven, requires root-level access to execute, and is designed to navigate file systems, classify storage mounts, and encrypt data using the ChaCha20 encryption algorithm in either full or partial modes. Before encryption begins, the malware weakens system defenses by stopping services, terminating processes, disabling security frameworks such as SELinux and AppArmor, and setting up a scheduled task to execute after system reboot. These steps allow the ransomware to run more efficiently and persist even after restarts. Further developments point to coordination among pro-Iranian cyber actors. In March 2026, operators associated with another ransomware strain encouraged affiliates to adopt an alternative tool known as Baqiyat 313 Locker, also referred to as BQTLock, due to a surge in participation requests. This ransomware, which operates with pro-Palestinian motives, has been used in attacks targeting the U.A.E., the United States, and Israel since July 2025. Cybersecurity experts note that Iran has a long history of using cyber operations as a response to political tensions. Increasingly, ransomware is being integrated into these efforts, blurring the line between financially motivated cybercrime and state-aligned cyber activity. Organizations need to adopt continuous monitoring, strong authentication measures, and proactive defense strategies to counter emerging threats.

Microsoft 365 Accounts Targeted in Large Iran-Linked Cyber Campaign #CyberCrime #Iran #Microsoft365

Brink

@shawnbrink.bsky.social

19 hours ago

Microsoft 365 Insider Beta Channel v2605 build 20006.20000 - April 7 Microsoft 365 Insider: Version 2605 (Build 20006.20000) Various fixes to functionality and performance. Source: Release Notes for Beta Channel - Office release notes Update History for Office Beta...

New #Microsoft365Insiders Beta Channel version 2605 build 20006.20000 released #Microsoft365 #OfficeInsiders #Office2021 #Office2024
www.elevenforum.com/t/microsoft-...

Redmond

@redmondit.bsky.social

19 hours ago

The doors attackers use are often left open by default.

Join us, sponsor Abnormal AI, and a panel of experts tomorrow for this FREE webcast on Microsoft 365 misconfigurations attackers actively exploit.

Register now: https://ow.ly/vvSt50YEVUg

#Microsoft365 #Cybersecurity #IdentitySecurity

Juan Carlos Gonzalez

@jcgm1978.bsky.social

19 hours ago

Microsoft 365: DLP in Microsoft 365 Copilot! DLP in Microsoft 365 Copilot allows you to prevent Copilot from processing documents that have been classified with a specific sensitivity label, as well as prompts that contain sensitive data. The…

Microsoft 365: DLP in Microsoft 365 Copilot! jcgonzalezmartin.wordpress.com/2026/04/07/m... #Microsoft365 #Microsoft365Copilot #MVPBuzz

The Daily Tech Feed

@thedailytechfeed.com

21 hours ago

Iranian cyber actors launch a massive password-spraying campaign targeting over 300 Israeli Microsoft 365 organizations. Stay vigilant and enforce MFA. #CyberSecurity #IranianHackers #Microsoft365 Link: thedailytechfeed.com/iranian-cybe...

@marcor73.bsky.social

21 hours ago

Scale knowledge sharing with AI community agents in Viva Engage AI-powered community agents help communities speed up answers and reduce repetitive work for admins.

Scale knowledge sharing with AI community agents in Viva Engage

#VivaEngage #MicrosoftViva #Agents #AI #Microsoft365 #Copilot

techcommunity.microsoft.com/blog/microso...

David Warner

@davidwarnerii.bsky.social

21 hours ago

Microsoft 365 & Power Platform Call (Microsoft Speakers) – April 7th, 2026 – Screenshot Summary - Warner Digital - David Warner II Call Highlights   SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues List —– Sharing Is Caring: A community initiative that...

Screenshot Summary – @community.ms #M365 & #PowerPlatform Microsoft Speakers Apr 7 Comm Call

Demos: @sebastienlevert.com, Zach Rosenfield & @paolopia.bsky.social

#Microsoft365 #PowerPlatform #Copilot #SharePoint #MCP

TY @vesajuvonen.bsky.social

#SharingIsCaring🧡💜🫶🏻

warner.digital/ms-speakers-...

Microsoft 365 Insider Program

@msft365insider.bsky.social

22 hours ago

Scale knowledge sharing with AI community agents in Viva Engage AI-powered community agents help communities speed up answers and reduce repetitive work for admins.

✨ Faster answers, fewer repeat questions. AI community agents in Viva Engage help communities stay productive and keep knowledge easy to find.

Details here: techcommunity.microsoft.com/blog/microso...

#Microsoft365 #VivaEngage #KnowledgeSharing

Office Watch

@officewatch.bsky.social

22 hours ago

"Don't rely on Copilot for important advice."
That's #Microsoft talking not a critic.
It's right there in the #Copilot Terms of Use
Here's what really means for #Microsoft365 customers
office-watch.com/2026/microsoft-copilot-e...

Vlad Catrinescu

@vladtalkstech.com

22 hours ago

Copilot Cowork: Now available in Frontier | Microsoft 365 Blog Today, Copilot Cowork—designed for long-running, multi-step work in Microsoft 365—is available via the Frontier program.

ICYMI: Copilot Cowork: Now available in Frontier | www.microsoft.com/en-us/micros... by the @microsoft365.microsoft.com team! #Microsoft365

Winbuzzer

@winbuzzer.com

22 hours ago

OneDrive Will Stop Sending Deleted Files to Local Recycle Bin Microsoft has announced that cloud-deleted OneDrive files will no longer appear in the local Recycle Bin starting May 2026, with no admin opt-out available.

winbuzzer.com/2026/04/07/m...

OneDrive Will Stop Sending Deleted Files to Local Recycle Bin

#OneDrive #Microsoft #Microsoft365 #MicrosoftSharePoint #MicrosoftWindows #macOS #CloudStorage #DataManagement #SharePoint #Windows11

Status Is Down

@statusisdown.bsky.social

1 day ago

Is Microsoft Outlook down? [April 7, 2026] Microsoft Outlook is reportedly down for hundreds of users on April 7, 2026. According to DownDetector, the surge appears to have started around 9:34AM Eastern Time. Several Outlook users have also ta...

Microsoft Outlook is reportedly down for hundreds of users at the moment. Are you one of them? #MicrosoftOutlook #OutlookDown #Microsoft365 #MicrosoftDown

Tony Redmond

@office365itpros.com

1 day ago

Flex Routing Dilemma for European Copilot Customers Microsoft plans to introduce flex routing to handle situations when demand exceeds capacity for Copilot processing in Europe. This could be an issue for tenants

Microsoft plans to introduce "flux routing" to offload high demand for Copilot LLM processing to datacenters outside the European Uniom/EFTA from April 17. Sending data for processing elsewhere might vex some European #Microsoft365 customers...
office365itpros.com/2026/04/07/f...

Adrian Ritter

@adrian.cloudkumpel.de

1 day ago

@adrianritter.cloudkumpel.de ⏳ One week to go!

The Copilot Community Conference EU is happening on April 14 – free, online, and packed with sessions on #MicrosoftCopilot for users, admins, agents & adoption.

👉 Register now: copilotcommunityconference.com

#CoCoCo #Microsoft365 #Copilot

Actueel365

@actueel365.bsky.social

1 day ago

Euro-Office moet Europees alternatief voor Microsoft 365 en Google Workspace worden. — Actueel365 Europese techbedrijven lanceren Euro-Office, een open-source alternatief dat moet uitgroeien tot concurrent van Microsoft 365 en Google Workspace.

Euro-Office moet Europees alternatief voor Microsoft 365 en Google Workspace worden.
Lees verder
#Actueel365 #Europa #EuroOffice #Microsoft365

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 day ago

Microsoft removes Support and Recovery Assistant from Windows Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support Windows updates as of March 10 and urges IT admins to migrate to the Get Help command-line tool (GetHelpCmd.exe). Get Help offers similar scriptable diagnostics with enhanced security for troubleshooting Microsoft 365 apps like Outlook and Teams, while Microsoft continues to retire other apps and features such as Microsoft Authenticator autofill, Publisher, and Microsoft Lens. #SaRA #GetHelp #Microsoft365 #Outlook #MicrosoftAuthenticator #MicrosoftPublisher #MicrosoftLens

Microsoft has removed the Support and Recovery Assistant (SaRA) from all supported Windows updates as of March 10. IT admins are advised to switch to the more secure and scriptable Get Help tool for Microsoft 365 troubleshooting. #WindowsUpdate #Microsoft365

ReconBee

@reconbee.bsky.social

1 day ago

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations been the focus of the campaign read more about Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations reconbee.com/iran-linked-...

#iran #passwordsprayingcampaign #israeli #microsoft365 #cybersecurity #cyberattack

Jonathan Kamens 86 47

@jik.federate.social.ap.brid.gy

1 day ago

#TechIsShitDispatch
When #Microsoft365 sends me an email telling me I have messages in quarantine, and I click on the button in the email to block the sender of one of the messages, it takes _22 seconds_ for the web page with the block button to load.
The […]

[Original post on federate.social]

iT4iNT SERVER

@it4intserver.bsky.social

1 day ago

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. "The campaign is primarily

iT4iNT SERVER Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations VDS VPS Cloud #CyberSecurity #IranThreat #Microsoft365 #IsraelCyberAttack #PasswordSpraying

Status Is Down

@statusisdown.bsky.social

1 day ago

Microsoft 365 is reportedly down for some users right now. Are you one of them? #Microsoft #Microsoft365 #Microsoft365Down community.designtaxi.com/topic/26305-is-microsoft...

CySecurity News

@cysecuritynews.bsky.social

1 day ago

Microsoft 365 Phishing Bypasses MFA via OAuth Device Codes  A recent wave of phishing attacks is bypassing traditional security protections on Microsoft 365, even when multi‑factor authentication (MFA) is enabled. Instead of stealing passwords directly, attackers are abusing legitimate Microsoft login flows to trick users into granting access to their own accounts, effectively sidestepping the security codes that many organizations rely on for protection. These campaigns have already compromised hundreds of organizations, highlighting how modern phishing has evolved beyond simple fake login pages into sophisticated, session‑based attacks.  The core technique leverages Microsoft’s OAuth 2.0 device authorization flow, a feature designed for devices like printers and TVs that cannot display a full browser. Users receive a phishing email or SMS that looks like a legitimate Microsoft prompt, often claiming that a “secure authorization code” must be entered on a Microsoft login page. When the victim goes to the real Microsoft domain and inputs the code, they quietly grant an attacker‑controlled application long‑lived OAuth tokens that provide full access to their Microsoft 365 mailbox, OneDrive, and Teams.  Because the login happens on an actual Microsoft site, common phishing filters and user instincts often fail to detect anything unusual. The attacker never needs to capture a password or intercept an SMS code; they simply harvest the access and refresh tokens issued by Microsoft after the user completes MFA. This means that even changing passwords or waiting for a code to expire does not immediately cut off the attacker, since the stolen tokens can persist for extended periods unless explicitly revoked.  From there, threat actors typically move laterally inside the environment, reading sensitive emails, staging more phishing messages to contacts and colleagues, and sometimes preparing for business email compromise or invoice fraud. In some cases, compromised accounts are used to send follow‑up phishing emails that appear to come from within the organization, making them harder to flag and more likely to succeed. This “inside‑out” style of attack undermines trust in internal communications and can significantly slow down detection and response.  To counter these threats, organizations must go beyond standard MFA and focus on identity‑centric protections, including conditional access policies, risky‑sign‑in monitoring, and regular review of granted OAuth applications. Users should be trained to treat any unexpected authorization or device‑code request as suspicious, especially if they did not initiate a login, and to report such messages immediately. Combining strong technical controls with continuous security awareness remains the most effective way to reduce the risk of these advanced phishing campaigns on Microsoft 365.

Microsoft 365 Phishing Bypasses MFA via OAuth Device Codes #CyberFraud #Microsoft365 #phishing

Microsoft 365 Insider Program

@msft365insider.bsky.social

1 day ago

Work with Copilot as a co‑creator directly in Word for iPhone You can now work with Copilot as a co-creator directly in your Word document on your iPhone.

📱 Microsoft 365 Copilot is now a co-creator inside Word for iPhone.

You can:
• Draft and refine content
• Format using built-in styles
• Stay in your Word doc while you work

See how it works: techcommunity.microsoft.com/blog/microso...

#Microsoft365 #Microsoft365Copilot #WordforiPhone