Tag

Microsoft 365

All articles tagged with #microsoft 365

Copilot's Bold Reach Fails to Pay Off as Adoption Stalls and Prices Rise
technology3 days ago

Copilot's Bold Reach Fails to Pay Off as Adoption Stalls and Prices Rise

Microsoft 365 Copilot remains a hard sell: under 4.5% of Microsoft 365 customers pay for the paid Copilot add‑on, and only about 1% are active weekly. Microsoft has raised prices for the paid tiers (up to about $30 per user per month) and expanded model options (including Claude) while keeping a free Copilot Chat tier, signaling a bundling strategy that aims to monetize AI even as adoption stays low.

ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit
security7 days ago

ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit

Cisco Talos flags ARToken as a new phishing-as-a-service platform allied with EvilTokens, offering a wide toolkit to steal Microsoft 365 tokens, maintain persistence with Primary Refresh Tokens, and access Outlook, SharePoint, and OneDrive. It uses Cloudflare Workers for deployment, supports multi-tenant campaigns, and includes inbox rules, keyword monitoring, and data exfiltration tools. The kit mirrors EvilTokens’ device-code phishing flow to bypass MFA, with research suggesting a shared ecosystem and AI-enabled workflows that automate BEC-style fraud. Security teams should prioritize behavioral AI defenses and robust email security controls.

ConsentFix: Fast Token Theft Targets Microsoft 365 Sign-Ins
technology8 days ago

ConsentFix: Fast Token Theft Targets Microsoft 365 Sign-Ins

A new attack variant called ConsentFix hijacks Microsoft 365 OAuth sign‑in flows by tricking users into dragging a localhost callback link, stealing OAuth tokens and granting attackers ongoing access to email and other services without passwords or MFA. Attackers use trusted phishing lures, map targets via LinkedIn, and publicly share the blueprint, lowering the bar for criminals. Defenses require more than awareness—look for abnormal PowerShell activity, unusual logins, and strengthen endpoint/identity monitoring to detect session/token theft before damage occurs.

Microsoft to Auto-Install Copilot on Windows 11 for 365 Business, Opt-Out Within 30 Days
technology18 days ago

Microsoft to Auto-Install Copilot on Windows 11 for 365 Business, Opt-Out Within 30 Days

Microsoft will resume automatic installation of the Microsoft 365 Copilot app on eligible Windows devices with Microsoft 365 desktop apps, rolling out between mid-June and mid-July. Admins can opt out, with the European Economic Area exempt from changes. The Copilot app is delivered via the Office updater (not Windows Store) and Copilot features are being integrated across Word, Excel, PowerPoint, Outlook, Teams, and the web. Users can disable Copilot per app or via privacy settings, and admins can use policies to block it, though complete removal isn’t simple and may require broader configuration.

Office 2021 Exits Support This October as Microsoft Pushes 365
technology20 days ago

Office 2021 Exits Support This October as Microsoft Pushes 365

Microsoft will end official support for Office 2021 on October 13, 2026, leaving users without patches or security updates. The company is nudging users toward Microsoft 365 or Office 2024. To stay on Office 2021, you can run offline, download and scan files locally, keep Windows Security updated, freeze add-ins, and consider hybrid workflows or alternate tools like LibreOffice; otherwise plan an upgrade before the deadline.

Microsoft Scout: OpenClaw-Powered Personal AI for Microsoft 365
technology1 month ago

Microsoft Scout: OpenClaw-Powered Personal AI for Microsoft 365

Microsoft is previewing Scout, an always-on personal AI assistant built on OpenClaw that integrates with Microsoft 365 apps to manage calendars, emails, travel, and tasks. It reads Teams and email to surface what matters, can suggest optimal travel times, and is designed to run in the cloud with a desktop Frontier preview in the US before broader rollout, backed by security measures like sandboxing, Defender, and privacy reviews. Microsoft is contributing to the OpenClaw core rather than shipping a separate product, while Google pursues Gemini Spark to connect with Workspace apps, signaling a new enterprise AI race.

Dell secures $9.7B DoD software deal amid political ties
defense1 month ago

Dell secures $9.7B DoD software deal amid political ties

Dell Federal Systems won a five-year, roughly $9.7 billion Department of Defense contract to supply Microsoft 365, cloud services and on-premises licensing under a second-generation enterprise software agreement, with expected annual savings of about $422 million through consolidated licensing; the award followed a competitive process and comes amid public ties between Dell founder Michael Dell and Donald Trump, including a pledge to fund 'Trump accounts' for children.

FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365
cybersecurity1 month ago

FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365

The FBI issued a PSA about Kali365, a phishing‑as‑a‑service that exploits Microsoft’s OAuth device-code flow to hijack Entra and Microsoft 365 accounts, stealing session tokens and bypassing MFA. Kali365, distributed via Telegram, provides AI‑generated phishing lures, automated campaigns, and real‑time dashboards, with two attack modes: device‑code phishing and a Cookie Link adversary‑in‑the‑middle. Arctic Wolf observed global campaigns targeting Microsoft 365 environments, including creating malicious inbox rules and registering new devices. The FBI urges blocking device‑code authentication with Conditional Access, auditing usage, reporting incidents to IC3, and preserving phishing emails and suspicious activity. Device-code phishing has surged in 2026, with other PhaaS tools like EvilTokens and Tycoon2FA using similar methods.

Tycoon2FA Expands to Device-Code Phishing Targeting Microsoft 365
security1 month ago

Tycoon2FA Expands to Device-Code Phishing Targeting Microsoft 365

A new Tycoon2FA variant uses device-code phishing via a Trustifi click-tracking URL to hijack Microsoft 365 accounts by steering victims to the legitimate device-login flow at microsoft.com/devicelogin, granting attackers OAuth tokens and access to email, calendar, and files. After a takedown, the kit resurfaced with obfuscation and new delivery chains, prompting defenders to disable the device-code flow when not needed, restrict OAuth permissions, enable Continuous Access Evaluation, and monitor Entra logs for deviceCode activity and related IoCs.

Microsoft 365 Copilot Flaws Lead to Data Exposure, Cloud Fix Deployed
cyber-security2 months ago

Microsoft 365 Copilot Flaws Lead to Data Exposure, Cloud Fix Deployed

Microsoft disclosed and fully mitigated three critical cloud-side information-disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Edge (CVE-2026-26129, CVE-2026-26164, CVE-2026-33111). The flaws—rooted in improper handling of special elements and command injection—could allow leakage of sensitive enterprise data over the network. Mitigations are deployed at the service level; no patches or admin actions are required. Security teams should review Copilot data access permissions and enforce least-privilege to reduce exposure from future flaws.

Outlook Sign-In Glitch Persists as Microsoft Rolls Back Change
technology2 months ago

Outlook Sign-In Glitch Persists as Microsoft Rolls Back Change

Microsoft Outlook users began experiencing sign-in failures and intermittent errors ('too many requests') on Monday. Microsoft rolled back a recent backend configuration change, but the rollback did not resolve the outage, and the company is continuing to investigate and monitor the issue, with updates on its status page and X account; Copilot issues are separate and not related to the Outlook outage.

Microsoft counters MacBook Neo with bundled Office and Game Pass on Windows laptops
technology2 months ago

Microsoft counters MacBook Neo with bundled Office and Game Pass on Windows laptops

Microsoft counters Apple's MacBook Neo by promoting Windows laptops priced to compete, offering college students a free year of Microsoft 365 Premium, Xbox Game Pass Ultimate, and a customized Xbox controller with eligible devices through July 31. The promotion spotlights budget-friendly rigs from Dell, HP, Lenovo, and Acer that match or beat the Neo on price and specs, in a move driven by Neo demand and supply pressures in the PC market.

Microsoft's College Offer bundles software with budget laptops, but trails the MacBook Neo
technology-and-electronics-computing2 months ago

Microsoft's College Offer bundles software with budget laptops, but trails the MacBook Neo

Microsoft's College Offer bundles Microsoft 365 Premium, Xbox Game Pass Ultimate, a custom Xbox controller, and discounted laptops for students, touting up to $500 in value; however, its appeal hinges on new-subscription rules and a limited redemption window, making the deal less straightforward or compelling than Apple's $500 MacBook Neo, with cheaper partner laptops like the Lenovo IdeaPad Slim 3x ($500) and HP Omnibook 3 ($429).