Skip to main content
Microsoft Security

Microsoft Security Blog

Microsoft Incident Response lessons on preventing cloud identity compromise 

In real-world customer engagements, Microsoft Incident Response (Microsoft IR) sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Effective protection of a customer’s Entra ID tenant is less challenging than protecting an Active Directory deployment but does require governance and monitoring. Reducing risk and exposure of your most privileged accounts plays a critical role in preventing or detecting attempts at tenant-wide compromise.

Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Diamond Sleet supply chain compromise distributes a modified CyberLink installer 

Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.

Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.