Microsoft Identity & Security Changes
Key Questions
When will passkeys become the default authentication method in Entra ID?
Entra ID passkeys become the default authentication method starting September 1, 2026, with SMS and voice options retired by February 2027.
How are attackers spoofing OAuth client IDs in Entra ID?
Attackers forge OAuth client IDs to conceal compromise attempts in Entra sign-in logs, as identified in Proofpoint campaigns.
What phishing technique targets Microsoft 365 via device code flow?
Evilginx phishing operations exploit the device code flow to gain unauthorized access to M365 environments.
What expansions are included in Microsoft Defender Experts?
Defender Experts now offers enhanced threat intelligence prioritization and expanded multicloud coverage.
Which security features are covered in the CTO Guide for Intune?
The guide highlights the Vulnerability Remediation Agent in Intune and network security perimeters for Service Bus.
Entra ID passkeys become default auth from Sept 1, 2026; SMS/voice retired by Feb 2027. Fake OAuth client IDs spoof sign-in logs. Evilginx phishing ops target M365 with device code flow. Secure Boot update blocked on some PCs. CTO Guide includes Vulnerability Remediation Agent in Intune and network security perimeter for Service Bus.