Redmond Magazine

Microsoft Alters Azure Active Directory Refresh Token Settings

Microsoft has changed the default settings for Azure Active Directory refresh tokens, but just for new tenancies. Refresh token expirations were causing access frustrations for end users, Microsoft ...
CRN

Microsoft: Cloud Email Breach Still Under ‘Ongoing Investigation’

While an API flaw that enabled the attack to succeed has been fixed, Microsoft is still trying to figure out how the attackers were able to acquire an Azure Active Directory key in the first place.
MCPmag

Token Lifetime Policies for Azure Active Directory Hits Preview

A new application control feature in Azure Active Directory is now available for preview. The control gets managed by specifying how long a token that's used to access an application is allowed to ...
Bleeping Computer

Microsoft still unsure how hackers stole Azure AD signing key

Microsoft says it still doesn't know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen ...
Dark Reading

Microsoft IDs Security Gaps that Let Threat Actors Steal Signing Key

Several security missteps on Microsoft's part allowed a China-based threat actor to forge authentication tokens and access user email from some 25 Microsoft enterprise customers earlier this year, the ...