Vue lecture

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.

Evaluating the Microsoft 365 E5 step-up amid rising licensing costs

Evaluating the Microsoft 365 E5 step-up amid rising licensing costs
Microsoft is increasing the list price for M365 E5 to $60 per user while eliminating volume discounts, creating a significant financial hurdle for enterprise renewals. The value of the E5 "step-up" primarily rests on two pillars: the Defender security suite and Purview compliance tools. While Microsoft bundles additional features like Power BI Pro and Teams Phone, these often provide marginal value for organizations that do not require enterprise-wide telephony or advanced data visualization.

Source

Microsoft Teams to automate AI meeting archiving and expand admin controls

Microsoft Teams to automate AI meeting archiving and expand admin controls
Microsoft Teams will soon automatically generate AI meeting archive files with a .meeting extension to enhance Copilot and Facilitator responses. These archives capture structured insights rather than raw transcript snippets and are stored in a secure, tenant-owned SharePoint Embedded container. Administrators can manage this feature through a new organization-wide policy setting, which is enabled by default for all eligible meetings.

Source

CISA mandates urgent patching for exploited SharePoint remote code execution flaw

CISA mandates urgent patching for exploited SharePoint remote code execution flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities catalog following evidence of zero-day exploitation. This critical flaw allows authenticated attackers with Site Owner permissions to execute arbitrary code on vulnerable on-premises SharePoint Server instances. The vulnerability stems from the deserialization of untrusted data, a process where a program improperly parses malicious data to recreate an object, leading to unauthorized command execution.

Source

Microsoft postpones Exchange Online PowerShell Credential parameter retirement

Microsoft postpones Exchange Online PowerShell Credential parameter retirement
Microsoft has extended the deadline for removing the Credential parameter from Exchange Online PowerShell modules following feedback from the administrator community. Originally scheduled for retirement in July 2026, the parameter will now remain supported on the client side until December 2026. This change specifically impacts the Connect-ExchangeOnline and Connect-IPPSSession cmdlets, which are frequently used to manage automated tasks.

Source

How to schedule Teams meetings from shared mailboxes

How to schedule Teams meetings from shared mailboxes
Scheduling Teams meetings from a shared mailbox is a supported feature provided the delegate has full access permissions and a valid Teams license. Currently, this process requires the use of the classic Outlook client because the new Outlook does not yet support creating Teams meetings within shared mailbox calendars. When the meeting is created, the shared mailbox is automatically designated as the organizer, though delegates should assign co-organizers to manage the live session.

Source

Microsoft sets support deadlines for OneDrive sync on Windows 10

Microsoft sets support deadlines for OneDrive sync on Windows 10
Microsoft will terminate support for the OneDrive sync client on Windows 10 version 22H1 and all earlier releases starting August 15, 2026. This decision ends an extended support period for the application on operating systems that officially reached their end-of-life status in late 2022. While the client will not be blocked from running immediately after the deadline, it will no longer receive security patches, bug fixes, or new features.

Source

CISA warns of actively exploited SharePoint Server vulnerabilities

CISA warns of actively exploited SharePoint Server vulnerabilities
CISA has issued an urgent warning regarding three vulnerabilities in on-premises SharePoint Server versions that are currently being exploited in the wild. The affected software includes SharePoint Server 2016, 2019, and the Subscription Edition. Threat actors are chaining these flaws to bypass security measures and gain unauthorized access to corporate environments.

Source

Microsoft mandates stricter security controls for Cloud Solution Providers

Microsoft mandates stricter security controls for Cloud Solution Providers
Microsoft is implementing a system-wide overhaul of its partner ecosystem to mitigate risks associated with Cloud Solution Providers (CSPs). These partners are frequent targets for nation-state actors seeking a vector to compromise downstream customer environments and steal sensitive data. To counter this, Microsoft is transitioning from reactive controls to a proactive, integrated security model that emphasizes continuous validation and identity verification.

Source

Microsoft releases July 2026 security updates for Exchange Server SE and ESU versions

Microsoft releases July 2026 security updates for Exchange Server SE and ESU versions
Microsoft has launched its July 2026 security updates for Exchange Server, providing critical fixes for the Subscription Edition (SE) and legacy on-premises versions. The release addresses several high-severity vulnerabilities, including a critical spoofing flaw (CVE-2026-55008) with a CVSS score of 9.6 and a remote code execution bug. While the update for Exchange SE is publicly available, updates for Exchange 2016 and 2019 are restricted to organizations enrolled in the Period 2 Extended Security Update (ESU) program.

Source

Microsoft issues July 2026 security updates for Exchange Server ESU customers

Microsoft issues July 2026 security updates for Exchange Server ESU customers
Microsoft has released the July 2026 security updates for Exchange Server 2016, 2019, and the Subscription Edition. These updates provide a permanent fix for CVE-2026-42897, a critical vulnerability that previously required temporary manual mitigations. While Exchange Server Subscription Edition updates are available through standard channels, the patches for legacy versions are restricted to specific cumulative update levels.

Source

Exchange Online adds cross-tenant message recall and duplicate group detection

Exchange Online adds cross-tenant message recall and duplicate group detection
Microsoft is expanding Exchange Online’s message recall functionality to allow users to retrieve emails sent to external Microsoft 365 tenants. Previously, this capability was restricted to recipients within the same organization, failing as soon as a message passed through an outbound connector. The new cross-tenant feature operates on a trust-based model where the receiving organization must explicitly permit the action.

Source

Microsoft adds tenant-level permalink controls to SharePoint Online

Microsoft adds tenant-level permalink controls to SharePoint Online
SharePoint Online has introduced a new administrative setting called "Use permalinks" to manage heading links across the environment. This feature traditionally displayed icons next to every page heading to allow users to copy direct links to specific sections. While beneficial for sharing documentation, the automated icons created significant navigation hurdles for users relying on assistive technologies.

Source

New phishing kits Jalisco and OmegaLord bypass MFA for Microsoft 365 access

New phishing kits Jalisco and OmegaLord bypass MFA for Microsoft 365 access
Two new phishing kits, Jalisco and OmegaLord, have emerged to target Microsoft 365 accounts by circumventing multi-factor authentication (MFA). Jalisco utilizes the OAuth 2.0 device-code flow, a mechanism intended for devices without browsers, to trick users into authorizing an attacker's session. By generating fresh codes in real-time, the kit bypasses the standard 15-minute expiration window and grants attackers full account access without requiring passwords.

Source

New Outlook for Windows adds native Planner integration and cross-tenant message recall

New Outlook for Windows adds native Planner integration and cross-tenant message recall
Microsoft is integrating its Planner project management tool directly into the New Outlook for Windows client to streamline task workflows. This update places Planner in the left-hand sidebar alongside existing Office applications and Microsoft To Do. The feature will be enabled by default for all users in the coming weeks to reduce the need for context switching between separate windows.

Source

Microsoft to retire native SMS and voice authentication for Entra ID

Microsoft to retire native SMS and voice authentication for Entra ID
Microsoft will officially retire its native telephony-based authentication services, including SMS one-time codes and voice calls, on February 1, 2027. This change ends the built-in delivery of these methods within Entra ID to encourage the adoption of phishing-resistant alternatives. Organizations that fail to transition by this deadline risk significant sign-in disruptions for users who rely solely on phone-based verification.

Source

Microsoft Entra ID to enforce passkeys and retire legacy MFA by 2027

Microsoft Entra ID to enforce passkeys and retire legacy MFA by 2027
Microsoft Entra ID will begin a major transition on September 1, 2026, by making passkeys the default authentication method for all public cloud tenants. Users currently relying on SMS or voice-based multifactor authentication will be automatically enabled for passkeys and prompted to register one during their next sign-in challenge. This shift aims to replace phishable credentials with public-key cryptography, which uses local device biometrics or PINs to ensure authentication data never leaves the user's hardware.

Source

Security teams weaponize prompt injection to neutralize malicious AI agents

Security teams weaponize prompt injection to neutralize malicious AI agents
Prompt injection is evolving from an offensive exploit into a defensive strategy known as context bombing. By embedding forbidden instructions into sensitive data or decoy secrets, defenders can trigger an AI model's internal safety guardrails to force a shutdown. This technique effectively cuts off the command chain of hostile AI agents before they can exfiltrate data or gain administrative control over cloud environments.

Source

Microsoft Teams screen sharing bug impacts macOS users in government clouds

Microsoft Teams screen sharing bug impacts macOS users in government clouds
Microsoft has identified a persistent bug in Teams for macOS that causes screen-sharing sessions to freeze, fail, or display as a blank black screen. The issue predominantly affects organizations operating within Microsoft 365 Government environments, including GCC, GCC High, and DoD tenants. While the problem is most frequent on devices with low memory or high disk usage, it is specifically tied to older operating system versions.

Source

❌