Weekly signals from the Microsoft security ecosystem
Short, curated updates with links to the original sources. Published roughly weekly.
Signal Roundup — 20 June 2026
Five items this week: Conditional Access extends to baseline-scope sign-ins, self-service password reset will require registered authentication methods, a North Korean npm supply-chain compromise, an AI-agent host takeover from a single web page, and central authorization for Claude's MCP connectors.
Signal Roundup — 10 June 2026
Six items this week: a record-breaking June Patch Tuesday with three public zero-days, a Purview label that blocks Copilot and connected services from reading content, a prompt injection flaw in the Claude Code GitHub Action, threat actors using AI brand names as phishing bait, Microsoft's push toward the Artifact Registry for PowerShell modules, and container labels that now cover guest access to security groups.
Signal Roundup — 30 May 2026
A quieter week, four items: a typosquatted npm supply-chain attack harvesting cloud and CI/CD secrets, Microsoft's analysis of the self-propagating Gentlemen ransomware, Exchange Online's move to REST-based calendar sharing, and Anthropic's Zero Trust framework for AI agents.
Signal Roundup — 24 May 2026
Four items: Microsoft Entra ID Account Recovery and Purview DSPM reach GA; Exchange Online DLP shifts OWA client-side checks from Transport to Data Classification Services; AutoRest deprecation puts the Graph PowerShell SDK pipeline at risk; and Search-UnifiedAuditLog gains a MoreRecordsAvailable property.
Mid-week Signal Roundup — 16 May 2026
Three mid-week items: Microsoft's AI-assisted synthetic attack log generation for detection engineering, the Exchange Server SE May hotfix beginning the EWS-to-Graph migration for hybrid rich coexistence, and Microsoft's defence-in-depth guidance for autonomous AI agents.
Week 21, 2026 — Signal Roundup
Four items this week: Microsoft's technical breakdown of the Kazuar nation-state botnet linked to Russia's FSB, exploitable misconfigurations in AI tools including MCP servers, least-privilege Graph API guidance for group permissions, and automating SharePoint Online file archiving.
Welcome to Signal
A short note on what Signal is, how often it publishes, and what to expect.
Week 20, 2026 — Signal Roundup
Entra ID begins enforcing Conditional Access for OIDC-only sign-ins; Windows Autopatch hotpatch goes on by default; Defender XDR alert tuning reaches GA; Purview adds dynamic-group label scoping; and Patch Tuesday fixes 120 vulnerabilities.