Know MCP risks before you deploy!
The Model Context Protocol (MCP) is emerging as a powerful standard for enabling AI agents to interact with tools and data. However, like any evolving technology, MCP introduces new security challenges that organizations must address before deploying it in production environments. Major MCP Vulnerabilities MCP’s flexibility comes with risks. Here are the most critical vulnerabilities: Prompt Injection Attackers embed hidden instructions in user input, manipulating the model to trigger unauthorized MCP actions and bypass safety rules. Tool Poisoning Malicious MCP servers provide misleading tool descriptions or parameters, tricking agents into leaking sensitive data or executing harmful commands. Remote Code Execution Untrusted servers can inject OS-level commands through compromised endpoints, enabling full control over the host environment. Unauthenticated Access Rogue MCP servers bypass authentication and directly call sensitive tools, extracting internal data without user consent. Confused Deputy (OAuth Proxy) A malicious server misuses OAuth tokens issued for a trusted agent, performing unauthorized actions under a legitimate identity. MCP Configuration Poisoning Attackers silently modify approved configuration files so agents execute malicious commands as if they were part of the original setup. Token or Credential Theft Plaintext MCP config files expose API keys, cloud credentials, and access tokens, making them easy targets for malware or filesystem attacks. Path Traversal Older MCP filesystem implementations allow navigation outside the intended directory, exposing sensitive project or system files. Token Passthrough Some servers blindly accept forwarded tokens, allowing compromised agents to impersonate other services without validation. Session Hijacking Session IDs appearing in URLs can be captured from logs or redirects and reused to access active sessions. Current Known Limitations While MCP is promising, it has structural limitations that organizations must plan for: Lack of Native Tool Authenticity Verification There is no built-in mechanism to verify if a tool or server is genuine. Trust relies on external validation, increasing exposure to tool poisoning attacks. Weak Context Isolation Multi-session environments risk cross-contamination, where sensitive data from one session leaks into another. Limited Built-In Encryption Enforcement MCP depends on HTTPS/TLS for secure communication but does not enforce encryption across all channels by default. Monitoring & Auditing Gaps MCP lacks native logging and auditing capabilities. Organizations must integrate with external SIEM tools like Microsoft Sentinel for visibility. Dynamic Registration Risks Current implementations allow dynamic client registration without granular controls, enabling rogue client onboarding. Scalability Constraints Large-scale deployments require manual tuning for performance and security. There is no standardized approach for load balancing or high availability. Configuration Management Challenges Credentials often stored in plaintext within MCP config files. Lack of automated secret rotation or secure vault integration makes them vulnerable. Limited Standardization Across Vendors MCP is still evolving, and interoperability between different implementations is inconsistent, creating integration complexity. Mitigation Best Practices To reduce risk and strengthen MCP deployments: Enforce OAuth 2.1 with PKCE and strong RBAC. Use HTTPS/TLS for all MCP communications. Deploy MCP servers in isolated networks with private endpoints. Validate tools before integration; avoid untrusted sources. Integrate with Microsoft Defender for Cloud and Sentinel for monitoring. Encrypt and rotate credentials; never store in plaintext. Implement policy-as-code for configuration governance. MCP opens new possibilities for AI-driven automation, but without robust security, it can become an attack vector. Organizations must start with a secure baseline, continuously monitor, and adopt best practices to operationalize MCP safely.
Extremely Slow Performance Since Defender Was Pushed on Us
Compliance, Security, Protection, and Defender are all extremely slow, with responses from screen to screen ranging from 30 seconds to multiple minutes between clicking items and waiting for Microsoft cloud to return results. I have a GB link and speed test well over 600 Mbps so it's not on my end. It appears the cutover in late January to this new "Defender" platform has been extremely detrimental to the Office portal response times in these portals. What is being done to resolve this?
New Blog | Keep your online activity safer on public Wi-Fi with Microsoft Defender for individuals
By Ashwin PR Figure 1 - Privacy protection UI on the Defender mobile app Public Wi-Fi is usually free, easy and convenient, but not necessarily always safe. As they say, there is no ‘free lunch’ . Microsoft Defender for individuals 1 aims to provide a safer online experience wherever you go and late last year, we introduced privacy protection (VPN) 2 , so you can browse without having to worry about your personal data being intercepted over an unsecure Wi-Fi connection. Read the full post here: Keep your online activity safer on public Wi-Fi with Microsoft Defender for individualsMicrosoft Security Product Reviews on Gartner Peer Insights: Give product feedback & get rewarded!
We love hearing more about our customers’ experience with our products! We’re currently working on growing our product reviews of Microsoft Security products on Gartner Peer Insights. We would love for you to participate and share your thoughts, feedback, and experiences using Microsoft Security products to help others in their buying process. To provide feedback on the capabilities of the Microsoft Security products, please click on the link below. You will need to first log in to your Gartner Peer Insights account or take 30 seconds to create a free account. Once you have completed your review, GPI will prompt you to choose a gift card option. Gift cards are valued at $25 USD, and they are available in multiple currencies worldwide. As soon as your review is approved, the card will be made available to you digitally. Microsoft Entra ID Microsoft Defender for Office 365 Microsoft Sentinel Microsoft Purview eDiscovery Each person is limited to one review per product on the above-mentioned site. Only Microsoft customers are eligible to participate. Microsoft partners and MVPs are not eligible. The offer is good only for those who submit a product review on Gartner Peer Insights as linked on this page. Any gift returned as non-deliverable will not be re-sent. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. The offer is non-transferable and cannot be combined with any other offer. This offer runs through June 30, 2025, or while supplies last, and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. This offer does not apply to customers in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and China. Please see the below for more information Microsoft Privacy Statement Gartner’s Community Guidelines & Gartner Peer Insights Review GuideNew Blog | Secure your AI transformation with Microsoft Security
By Daniela Villarreal Generative AI is reshaping business today for every individual, every team, and every industry. Organizations engage with GenAI in a variety of ways – from purchasing and using finished GenAI apps to developing, deploying, and operating custom-built GenAI apps. GenAI broadens the attack surface of applications through prompts, training data, models, and more – thereby effectively changing the threat landscape with new risks such as direct or indirect prompt injection attacks, data leakage, and data oversharing. In March this year, we shared how Microsoft Security helps organizations discover, protect, and govern the use of GenAI apps like Copilot for M365. Today, we’re thrilled to introduce additional capabilities for that scenario and new capabilities to secure and govern the development, deployment, and runtime of custom-built GenAI apps. With these new innovations, Microsoft Security is at the forefront of AI security to support our customers on their AI journey by being the first security solution provider to offer threat protection for AI workloads and providing comprehensive security to secure and govern AI usage and applications. Secure and govern GenAI you build: Discover new AI attack surfaces with AI security posture management (AI-SPM) in Microsoft Defender for Cloud for AI apps using Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock Protect your AI apps using Azure OpenAI in runtime with threat protection for AI workloads in Microsoft Defender for Cloud, the first cloud-native application protection platform (CNAPP) to provide runtime protection for enterprise-built AI apps using Azure OpenAI Service Secure and govern GenAI you use: Discover and mitigate data security and compliance risks with Microsoft Purview AI Hub, now offering new insights, including visibility into unlabeled data and SharePoint sites that are referenced by Copilot for M365 and non-compliant usage such as regulatory collusion, money laundering, and targeted harassment for M365 interactions Govern AI use to comply with regulatory requirements with 4 new AI compliance assessments in Microsoft Purview Compliance Manager Discover new AI attack surfaces As organizations embrace GenAI, many accelerate adoption with pre-built GenAI applications while others choose to develop GenAI applications in-house, tailored to their unique use cases, security controls and compliance requirements. Organizations from all industries are racing to transform their applications with AI, with over half of Fortune 500 companies using Azure OpenAI. With all the new components of AI workloads such as models, SDKs, training, and grounding data – the visibility into understanding all the configurations of these new components and the risks associated with them is more important than ever. With new AI security posture management (AI-SPM) capabilities in Microsoft Defender for Cloud, security admins can continuously discover and inventory their organization’s AI components across Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock – including models, SDKs, and data – as well as sensitive data used in grounding, training, and fine tuning LLMs. Admins can find vulnerabilities, identify exploitable attack paths, and easily remediate risks to get ahead of active threats. Figure 1: Attack path analysis in Defender for Cloud identifies an indirect risk to an Azure OpenAI resource where an attacker can exploit vulnerabilities via an internet exposed VM to potentially gain access and control of the AI resource, model deployments, and data. Read the full post here: Secure your AI transformation with Microsoft SecurityNew Blog | Understanding Cloud Native Application Protection Platforms (CNAPP)
By Erica Toelle Giulio Astori, Principal Product Manager at Microsoft, joins Erica Toelle and guest host Yuri Diogenes on this week's episode of Uncovering Hidden Risks. Giulio Astori works as a Principal Program Manager for Microsoft Defender for Cloud and Yuri has been at Microsoft for the past 18 years and manages a Product Management team for the Defender for Cloud Product. In this discussion, Giulio delves into the world of Cloud Native Application Protection Platforms (CNAPPs), explaining their significance and utility in enhancing cloud security and protecting workloads. He explores the distinction between CNAPPs and Cloud Security Posture Management, shedding light on their roles in bolstering organizational security. In This Episode You Will Learn: What a Cloud Native Application Protection Platform is and why it's useful The difference between CNAPP and Cloud Security Posture Management How organizations can start to plan for CNAPP adoption Read the full post here: Understanding Cloud Native Application Protection Platforms (CNAPP)New Blog | Expanding privacy protection in Microsoft Defender for individuals
By Ashwin PR Figure 1: Privacy protection/VPN At Microsoft, we believe privacy is a fundamental human right. Our apps and solutions are centered around privacy and the latest addition to Microsoft Defender for individuals 1 is the inclusion of privacy protection 2 that helps protect your privacy when browsing online or on public Wi-Fi. Privacy protection expansion Late last year we launched privacy protection on Android to our United States-based users. Today, we are adding privacy protection to iOS in the US and United Kingdom and extending current privacy protection on Android to the United Kingdom. Privacy protection is coming soon to Windows and macOS as well and will be available in more regions in the coming months. Microsoft Defender is available exclusively with a Microsoft 365 Personal or Family subscription. Advertisers target you with ads based on your browsing location by capturing your IP address/location to improve their targeting. Your location is amongst many tracking mechanisms used to digitally profile you. And, we are often on-the-go; be it coffee shops, airports, hotels, or everywhere else. And we want to stay connected. Wi-Fi is free and convenient to use which also means hackers may exploit it. Unsecure Wi-Fi comes with its own risks where hackers may gain access to your personal and sensitive data. There is no guarantee that public Wi-Fi hotspots are always safe to connect to. Here are a few examples of attacks that show how public Wi-Fi hotspots can compromise your privacy and security. Read the full post here: Expanding privacy protection in Microsoft Defender for individuals
Newsletter for updates - as per customer request
one of my colleague asked a question and i couldn't help him maybe here you ll be able to clarify <::One of my customers mentioned, that they want to be proactively informed about security incidents and news around the topic security from Microsoft, as they have critical infrastructure. Does anyone know, which newsletter that customer could register for?::>
Missing data from the Office Activity logs
I run a query on a daily basis that uses the OfficeActivity table and filters the term Send within the operation field. I started to notice that my results were decreasing so I ran a summary for the past month and noticed a huge decrease in OfiiceActivity capturing the send activity. Any thoughts on what would be the cause of this? PS it is not sentinel missing data, because when I check the activity in Defender for cloud, the results are the same. Here is the query I ran: OfficeActivity | where TimeGenerated > ago(30d) | where Operation contains "Send" | summarize count() by bin(TimeGenerated, 1d) And here are the results: TimeGenerated [UTC] count_ 8/25/2023 417 8/24/2023 66 8/23/2023 93 8/22/2023 77 8/21/2023 73 8/20/2023 16 8/19/2023 17 8/18/2023 326 8/17/2023 2978 8/16/2023 3175 8/15/2023 4106 8/14/2023 3632 8/13/2023 466 8/12/2023 527 8/11/2023 2516 8/10/2023 3187 8/9/2023 3143 8/8/2023 3289 Now today it is looking like it is starting to climb back but I need to rely on this data so I wouldn't mind knowing why it stopped for almost a week. (no changes that would impact our environment were made btw)
