Support tip: Upcoming Microsoft Intune network changes
We know many customers don’t always check their service change messages in the Microsoft 365 admin center or the corresponding Message Center content in the Microsoft Intune admin center, so in this blog post we’re highlighting an important upcoming change to Intune network service endpoints. Starting on or shortly after December 2, 2025, Intune will also use Azure Front Door IP addresses to improve security and simplify firewall management. If your organization uses outbound traffic policies based on IP addresses or service tags, you’ll want to review and update your firewall rules to avoid service disruptions. We’ll keep you updated if the timeline shifts. In the meantime, here’s the service change communication that posted to all Intune customers: MC1147982 - Action Required: Update firewall configurations to include new Intune network endpoints As part of Microsoft’s ongoing Secure Future Initiative (SFI), starting on or shortly after December 2, 2025, the network service endpoints for Microsoft Intune will also use Azure Front Door IP addresses. This improvement supports better alignment with modern security practices and over time will make it easier for organizations using multiple Microsoft products to manage and maintain their firewall configurations. As a result, customers may be required to add these network (firewall) configurations in third-party applications to enable proper function of Intune device and app management. This change will affect customers using a firewall allowlist that allows outbound traffic based on IP addresses or Azure service tags. Do not remove any existing network endpoints required for Microsoft Intune. Additional network endpoints are documented as part of the Azure Front Door and service tags information referenced in the files linked below: Public clouds: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center Government clouds: Download Azure IP Ranges and Service Tags – US Government Cloud from Official Microsoft Download Center The additional ranges are those listed in the JSON files linked above and can be found by searching for “AzureFrontDoor.MicrosoftSecurity”. How this will affect your organization If you have configured an outbound traffic policy for Intune IP address ranges or Azure service tags for your firewalls, routers, proxy servers, client-based firewalls, VPN or network security groups, you will need to update them to include the new Azure Front Door ranges with the “AzureFrontDoor.MicrosoftSecurity” tag. Intune requires internet access for devices under Intune management, whether for mobile device management or mobile application management. If your outbound traffic policy doesn’t include the new Azure Front Door IP address ranges, users may face login issues, devices might lose connectivity with Intune, and access to apps like the Intune Company Portal or those protected by app protection policies could be disrupted. What you need to do to prepare Ensure that your firewall rules are updated and added to your firewall’s allowlist with the additional IP addresses documented under Azure Front Door by December 2, 2025. Alternatively, you may add the service tag “AzureFrontDoor.MicrosoftSecurity” to your firewall rules to allow outbound traffic on port 443 for the addresses in the tag. If you are not the IT admin who can make this change, notify your networking team. If you are responsible for configuring internet traffic, refer to the following documentation for more details: Azure Front Door Azure service tags Intune network endpoints US government network endpoints for Intune If you have a helpdesk, inform them about this upcoming change. If you need additional assistance, contact Microsoft Intune Support and refer to this Message Center post. Note: The above post went to all customers in our public cloud. Customers in Microsoft Intune for US Government GCC High and DoD received the following post (the only difference is the focus on US government network endpoints): MC1147978 - Action Required: Update firewall configurations to include additional Intune network endpoints If you have any questions, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn.Save the date: Windows Office Hours - September 18, 2025
Save the date for our next monthly Windows Office Hours, on September 18th from 8:00-9:00a PT! We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. For more details about how Windows Office Hours works, go to our Windows IT Pro Blog. If you can't make it at 8:00 a.m. Pacific Time, post your questions on the Windows Office Hours: September 18th event page, up to 48 hours in advance.Safeguard & protect your custom Copilot Agents (Cyber Dial Agent)
Overview and Challenge Security Operations Centers (SOCs) and InfoOps teams are constantly challenged to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Analysts often spend valuable time navigating multiple blades in Microsoft Defender, Purview, and Defender for Cloud portals to investigate entities like IP addresses, devices, incidents, and AI risk criteria. Sometimes, investigations require pivoting to other vendors’ portals, adding complexity and slowing response. Cyber Dial Agent is a lightweight agent and browser add-on designed to streamline investigations, minimize context switching, and accelerate SecOps and InfoOps workflows. What is Cyber Dial Agent? The Cyber Dial Agent is a “hotline accelerator” that provides a unified, menu-driven experience for analysts. Instead of manually searching through multiple portals, analysts simply select an option from a numeric menu (1–10), provide the required value, and receive a clickable deep link that opens the exact page in the relevant Microsoft security portal. Agent base experience The solution introduces a single interaction model: analysts select an option from a numeric menu (1–10), provide the required value, and receive a clickable deep link that opens the exact page in the Microsoft Defender, Microsoft Purview, Microsoft Defender for Cloud portal. Browser based add-on experience The add-on introduces a unified interaction model: analysts select an option from a numeric menu (1–10), enter the required value, and are immediately redirected to the corresponding entity page with full details provided. Why It Matters Faster Investigations: Analysts pivot directly to the relevant entity page, reducing navigation time by up to 60%. Consistent Workflows: Standardized entry points minimize errors and improve collaboration across tiers. No Integration Overhead: The solution uses existing Defender and Purview URLs, avoiding complex API dependencies. Less complex for the user who is not familiar with Microsoft Defender/Purview Portal. Measuring Impact Track improvements in: Navigation Time per Pivot MTTD and MTTR Analyst Satisfaction Scores Deployment and Setup Process: Here’s a step-by-step guide for importing the agent that was built via Microsoft Copilot Studio solution into another tenant and publishing it afterward: Attached a direct download sample link, click here ✅ Part 1: Importing the Agent Solution into Another Tenant Important Notes: Knowledge base files and authentication settings do not transfer automatically. You’ll need to reconfigure them manually. Actions and connectors may need to be re-authenticated in the new environment. ✅ Part 2: Publishing the Imported Agent Here’s a step-by-step guide to add your browser add-on solution in Microsoft Edge (or any modern browser): ✅ Step 1: Prepare and edit your add-on script Copy the entire JavaScript snippet you provided, starting with: javascript:(function(){ const choice = prompt( "Select an option to check the value in your Tenant:\n" + "1. IP Check\n" + "2. Machine ID Check\n" + "3. Incident ID Check\n" + "4. Domain-Base Alert (e.g. mail.google.com)\n" + "5. User (Identity Check)\n" + "6. Device Name Check\n" + "7. CVE Number Check\n" + "8. Threat Actor Name Check\n" + "9. DSPM for AI Sensitivity Info Type Search\n" + "10. Data and AI Security\n\n" + "Enter 1-10:" ); let url = ''; if (choice === '1') { const IP = prompt("Please enter the IP to investigate in Tenant:"); url = 'https://security.microsoft.com/ip/' + encodeURIComponent(IP) + '/'; } else if (choice === '2') { const Machine = prompt("Please enter the Device ID to investigate in Tenant:"); url = 'https://security.microsoft.com/machines/v2/' + encodeURIComponent(Machine) + '/'; } else if (choice === '3') { const IncidentID = prompt("Please enter the Incident ID to investigate in Tenant:"); url = 'https://security.microsoft.com/incident2/' + encodeURIComponent(IncidentID) + '/'; } else if (choice === '4') { const DomainSearch = prompt("Please enter the Domain to investigate in Tenant:"); url = 'https://security.microsoft.com/url?url=%27 + encodeURIComponent(DomainSearch); } else if (choice === %275%27) { const userValue = prompt("Please enter the value (AAD ID or Cloud ID) to investigate in Tenant:"); url = %27https://security.microsoft.com/user?aad=%27 + encodeURIComponent(userValue); } else if (choice === %276%27) { const deviceName = prompt("Please enter the Device Name to investigate in Tenant:"); url = %27https://security.microsoft.com/search/device?q=%27 + encodeURIComponent(deviceName); } else if (choice === %277%27) { const cveNumber = prompt("Enter the CVE ID | Example: CVE-2024-12345"); url = %27https://security.microsoft.com/intel-profiles/%27 + encodeURIComponent(cveNumber); } else if (choice === %278%27) { const threatActor = prompt("Please enter the Threat Actor Name to investigate in Tenant:"); url = %27https://security.microsoft.com/intel-explorer/search/data/summary?&query=%27 + encodeURIComponent(threatActor); } else if (choice === %279%27) { url = %27https://purview.microsoft.com/purviewforai/data%27; } else if (choice === %2710%27) { url = %27https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/AscInformationProtection'; } else { alert("Invalid selection. Please refresh and try again."); return; } if (!url) { alert("No URL generated."); return; } try { window.location.assign(url); } catch (e) { window.open(url, '_blank'); } })(); Make sure it’s all in one line (bookmarklets cannot have line breaks). If your code has line breaks, you can paste it into a text editor and remove them. ✅ Step 2: Open Edge Favorites Open Microsoft Edge. Click the Favorites icon (star with three lines) or press Ctrl + Shift + O. Click Add favorite (or right-click the favorites bar and choose Add page). ✅ Step 3: Add the Bookmark Name: Microsoft Cyber Dial URL: Paste the JavaScript code you copied (starting with javascript:). Click Save. ✅ Step 4: Enable the Favorites Bar (Optional) If you want quick access: Go to Settings → Appearance → Show favorites bar → Always (or Only on new tabs). ✅ Step 5: Test the Bookmarklet Navigate to any page (e.g., security.microsoft.com). Click Microsoft Cyber Dial from your favorites bar. A prompt menu should appear with options 1–10. Enter a number and follow the prompts. ⚠ Important Notes Some browsers block javascript: in bookmarks by default for security reasons. If it doesn’t work: Ensure JavaScript is enabled in your browser. Try running it from the favorites bar, not the address bar If you see encoding issues (like %27), replace them with proper quotes (' or "). Safeguard, monitor, protect, secure your agent: Using Microsoft Purview (DSPM for AI) https://purview.microsoft.com/purviewforai/ Step-by-Step: Using Purview DSPM for AI to Secure (Cyber Dial Custom Agent) Copilot Studio Agents: Prerequisites Ensure users have Microsoft 365 E5 Compliance and Copilot licenses. Enable Microsoft Purview Audit to capture Copilot interactions. Onboard devices to Microsoft Purview Endpoint DLP (via Intune, Group Policy, or Defender onboarding). Deploy the Microsoft Purview Compliance Extension for Edge/Chrome to monitor web-based AI interactions. Access DSPM for AI in Purview Portal Go to the https://compliance.microsoft.com. Navigate to Solutions > DSPM for AI. Discover AI Activity Use the DSPM for AI Hub to view analytics and insights into Copilot Studio agent activity. See which agents are accessing sensitive data, what prompts are being used, and which files are involved. Apply Data Classification and Sensitivity Labels Ensure all data sources used by your Copilot Studio agent are classified and labeled. Purview automatically surfaces the highest sensitivity label applied to sources used in agent responses. Set Up Data Loss Prevention (DLP) Policies Create DLP policies targeting Copilot Studio agents: Block agents from accessing or processing documents with specific sensitivity labels or information types. Prevent agents from using confidential data in AI responses. Configure Endpoint DLP rules to prevent copying or uploading sensitive data to third-party AI sites. Monitor and Audit AI Interactions All prompts and responses are captured in the unified audit log. Use Purview Audit solutions to search and manage records of activities performed by users and admins. Investigate risky interactions, oversharing, or unethical behavior in AI apps using built-in reports and analytics. Enforce Insider Risk and Communication Compliance Enable Insider Risk Management to detect and respond to risky user behavior. Use Communication Compliance policies to monitor for unethical or non-compliant interactions in Copilot Studio agents. Run Data Risk Assessments DSPM for AI automatically runs weekly risk assessments for top SharePoint sites. Supplement with custom assessments to identify, remediate, and monitor potential oversharing of data by Copilot Studio agents. Respond to Recommendations DSPM for AI provides actionable recommendations to mitigate data risks. Activate one-click policies to address detected issues, such as blocking risky AI usage or unethical behavior. Value Delivered Reduced Data Exposure: Prevents Copilot Studio agents from inadvertently leaking sensitive information. Continuous Compliance: Maintains regulatory alignment with frameworks like NIST AI RMF. Operational Efficiency: Centralizes governance, reducing manual overhead for security teams. Audit-Ready: Ensures all AI interactions are logged and searchable for investigations. Adaptive Protection: Responds dynamically to new risks as AI usage evolves. Example: Creating a DLP Policy in Microsoft Purview for Copilot Studio Agents In Purview, go to Solutions > Data Loss Prevention. Select Create Policy. Choose conditions (e.g., content contains sensitive info, activity is “Text sent to or shared with cloud AI app”). Apply to Copilot Studio agents as the data source. Enable content capture and set the policy mode to “Turn on.” Review and create the policy. Test by interacting with your Copilot Studio agent and reviewing activity in DSPM for AI’s Activity Explorer. ✅ Conclusion The Cyber Dial Agent combined with Microsoft Purview DSPM for AI creates a powerful synergy for modern security operations. While the Cyber Dial Agent accelerates investigations and reduces context switching, Purview DSPM ensures that every interaction remains compliant, secure, and auditable. Together, they help SOC and InfoSec teams achieve: Faster Response: Reduced MTTD and MTTR through streamlined navigation. Stronger Governance: AI guardrails that prevent data oversharing and enforce compliance. Operational Confidence: Centralized visibility and proactive risk mitigation for AI-driven workflows. In an era where AI is deeply integrated into security operations, these tools provide the agility and control needed to stay ahead of threats without compromising compliance. 📌 Guidance for Success Start step-by-step: Begin with a pilot group and a limited set of policies. Iterate Quickly: Use DSPM insights to refine your governance model. Educate Users: Provide short training on why these controls matter and how they protect both the organization and the user. Stay Current: Regularly review Microsoft Purview and Copilot Studio updates for new features and compliance enhancements. 🙌 Acknowledgments A special thank you to the following colleagues for their invaluable contributions to this blog post and the solution design: Zaid Al Tarifi – Security Architect, Customer Success Unit, for co-authoring and providing deep technical insights that shaped this solution. Safeena Begum Lepakshi – Principal PM Manager, Microsoft Purview Engineering Team, for her guidance on DSPM for AI capabilities and governance best practices. Renee Woods – Senior Product Manager, Customer Experience Engineering Team, for her expertise in aligning the solution with customer experience and operational excellence. Your collaboration and expertise made this guidance possible and impactful for our security community.🚀✨ Are you ready for a power-packed, productive, and inspiring October? ✨🚀
Here we go, friends! 🎉 The October Calendar is officially here, right on time, as always! 🗓️💯 This month, we’re bringing you a lineup of world-class sessions designed to help you: 🌍 Explore the https://www.linkedin.com/company/101186090/admin/page-posts/published/?share=true# ecosystem from new perspectives 💡 Gain practical skills you can apply immediately 🤝 Connect with experts and a global community of learners 🚀 Stay ahead with the latest innovations in Azure, AI, Power Platform, Security, and beyond. What makes this calendar stand out is the incredible diversity of voices and expertise it brings together. 🌍 You’ll hear from global speakers who share not just theory, but real-world experiences across different industries, giving you insights that truly matter. And the best part? ⏰ No matter where you are in the world, the sessions are scheduled across multiple time zones so you can always join in. Even better, everything is completely free and open, because learning and growth should be accessible to everyone. 💙 🔗 Check out the full list of sessions, register today, and prepare yourself for an amazing month of learning, networking, and growth. 🔥 This isn’t just another calendar, it’s your chance to grow, connect, and be inspired alongside thousands of passionate learners across the globe. 🙌 Let’s make October unforgettable together in the https://www.linkedin.com/company/101186090/admin/page-posts/published/?share=true# way! 💙 📢 https://www.linkedin.com/in/kaspersvenmozartjohansen/ 📅 October 4, 2025 06:00 PM CET 📖 Get started with a modern zero trust remote access solution: Microsoft Global Secure Access 🖇️ https://streamyard.com/watch/3APZGyZFRyQS?wt.mc_id=MVP_350258 📢 https://www.linkedin.com/in/akanksha-malik/ 📅 October 7, 2025 19:00 PM AEST 📅 October 7, 2025 10:00 AM CET 📖 Unlocking Document Insights with Azure AI 🖇️ https://streamyard.com/watch/M6qvUYdv58tt?wt.mc_id=MVP_350258 📢 https://www.linkedin.com/in/rexdekoning/ 📅 October 11, 2025 06:00 PM CET 📖 Azure Functions and network security.. Can it be done? 🖇️ https://streamyard.com/watch/RHzXr5bpYHFY?wt.mc_id=MVP_350258 📢 https://www.linkedin.com/in/jeevarajankumar/ 📅 October 7, 2025 18:00 PM AEST 📅 October 19, 2025 09:00 AM CET 📖 D365 Field Service 101 🖇️ https://streamyard.com/watch/RtDkftSxhn7P?wt.mc_id=MVP_350258 📢 https://www.linkedin.com/in/priyankashah/ 📅 October 21, 2025 19:00 PM AEST 📅 October 21, 2025 10:00 AM CET 📖 FSI and Gen AI: Wealth management advisor with Azure Foundry Agents and MCP 🖇️ https://streamyard.com/watch/Vb5rUWMBN9YN?wt.mc_id=MVP_350258 📢 https://www.linkedin.com/in/monaghadiri/ 📅 October 25, 2025 06:00 PM CET 📖 The Role of Sentence Syntax in Security Copilot: Structured Storytelling for Effective Defence 🖇️ https://streamyard.com/watch/EtPkn2EZkauD?wt.mc_id=MVP_350258
Refining Attack Paths: Prioritizing Real-World, Exploitable Threats
Introduction Cybersecurity teams today face an overwhelming volume of potential threats, alerts, and hypothetical scenarios. The digital landscape is vast, dynamic, and ever-shifting, especially as organizations increasingly operate across complex cloud infrastructures. When every signal is treated with equal weight, security practitioners risk drowning in noise, losing sight of what truly matters: the most urgent, externally sourced threats poised to leave a meaningful impact. Our goal is simple: reducing risk. That’s why our focus stays on the core problem — not just listing misconfigurations but showing how attackers could actually exploit them. Over the past year, we’ve evolved our exposure management strategy so that security issues, from Defender (https://learn.microsoft.com/en-us/defender) are no longer viewed in isolation, but connected through attack paths to tell a complete story. It’s time to rethink how risk is defined and how defenses are prioritized, as this directly shapes the proactive security steps that follow. We’re excited to share important updates to our platform that bring more clarity and focus on how organizations understand, respond to, and mitigate real-world risks. This post will walk you through the key changes to attack paths, including enhancements for cloud environments, and explain what this means for security teams. What Is an attack path? An attack path represents how an attacker could move through your environment — from an entry point, across misconfigurations or vulnerabilities, toward critical assets. It highlights exploitable sequences across your cloud and on-prem architecture, showing how risks connect. Historically, attack paths also included many potential or low-probability scenarios, which, while thorough, sometimes distracted teams from urgent threats. Cloud Attack Paths: Enhanced Visibility and Precision The most significant changes in this release center on cloud environments, where the attack surface is vast and interconnected. Here’s what cloud security teams can expect: attack paths now surface only the most urgent, exploitable, and externally initiated threats, dramatically reducing informational noise and boosting operational efficiency. This change means that security teams can focus their efforts where it matters, defending the cloud assets most likely to be targeted and exploited in real attacks. The streamlined interface ensures that critical risks rise to the top, enabling rapid response and reducing the cognitive load on analysts. Under the Hood: How This New Model Exposes Real-World Cloud Risks This change is more than attack path triage refinement. It's a structural shift in how cloud threats are discovered and prioritized. Behind the scenes, we’ve expanded our detection logic to analyze a broad spectrum of cloud resource exposures across storage accounts, containers, serverless environments, unprotected repositories, unmanaged APIs, and even AI agents. These components often fall outside traditional scanning scopes, where scanning tools typically focus on virtual machines, known CVEs and perimeter services, yet they represent high-value entry points for attackers. By anchoring attack paths to externally observable signals—like exposed endpoints, misconfigured access controls, or leaked credentials—we ensure that each surfaced path begins with a demonstrable, exploitable weakness that an attacker could realistically use as a foothold. To support the passive analysis of cloud configurations, that is, inspecting resource metadata and configuration settings without sending traffic to the asset, we’ve launched an active scanning mechanism to validate the actual reachability of identified exposures. While passive analysis helps map potential misconfigurations across resources, active scans confirm whether exposures are truly reachable from an external attacker’s perspective. This dual-layered approach reduces noise and false positives, ensuring that the attack paths we surface reflect real-world, actionable threats, not just theoretical risks. On-Premises Attack Path Update: End Game Asset Termination While our main update is cloud-centric, we’ve also introduced a significant configuration change for on-premises attack paths. Attack routes are now configured to terminate automatically upon reaching any of the following asset types: Domain Admins Enterprise Admins Domain Controllers These assets are classified as “End Game”—if an adversary compromises any of them, they effectively gain full control over your domain. This automatic termination ensures consistency and clarity, helping defenders visualize high-impact scenarios and prioritize accordingly. Why This Matters: Operational Impact For security professionals, time and attention are precious resources. The difference between a theoretical risk and an actionable threat can mean the difference between prevention and breach. By sharpening the focus of attack paths, we empower defenders to: Respond more quickly to genuine risks. Allocate resources to the threats most likely to result in compromise. Reduce fatigue and cognitive overload. Build a clear, reliable process for detecting and responding to threats. This evolution isn’t just about filtering noise—it’s about enabling security teams to make strategic decisions with confidence, clarity, and speed. Looking Ahead: Future Research and Exploratory Experiences While this update narrows focus to urgent threats, we recognize the value of long-term planning. In future releases, we’ll introduce exploratory tools that allow teams to simulate scenarios like: What happens if this user is compromised? Which assets would be at risk if this service is breached? These tools will support strategic planning while keeping the main interface focused on real-time risk. Stay Focused, Stay Secure The attack path experience has always been about empowering defenders with the context and clarity needed to protect what matters most. With this update—especially the sharpened focus on cloud attack paths—we’re taking a step forward in helping organizations cut through the noise, visualize real risk, and act with purpose. Security teams can now stay focused on the most urgent, externally sourced threats—without losing sight of the broader strategic picture. As we move forward, research and community input will be vital in shaping the next generation of attack path intelligence, ensuring our solutions remain both actionable and adaptable. Stay tuned for more updates, and as always, stay focused—stay secure. To learn more: https://learn.microsoft.com/en-us/security-exposure-management/whats-new#refined-attack-path-experienceTrusted Signing Public Preview Update
Nearly a year ago we announced the Public Preview of Trusted Signing with availability for organizations with 3 years or more of verifiable history to onboard to the service to get a fully managed code signing experience to simplify the efforts for Windows app developers. Over the past year, we’ve announced new features including the Preview support for Individual Developers, and we highlighted how the service contributes to the Windows Security story at Microsoft BUILD 2024 in the Unleash Windows App Security & Reputation with Trusted Signing session. During the Public Preview, we have obtained valuable insights on the service features from our customers, and insights into the developer experience as well as experience for Windows users. As we incorporate this feedback and learning into our General Availability (GA) release, we are limiting new customer subscriptions as part of the public preview. This approach will allow us to focus on refining the service based on the feedback and data collected during the preview phase. The limit in new customer subscriptions for Trusted Signing will take effect Wednesday, April 2, 2025, and make the service only available to US and Canada-based organizations with 3 years or more of verifiable history. Onboarding for individual developers and all other organizations will not be directly available for the remainder of the preview, and we look forward to expanding the service availability as we approach GA. Note that this announcement does not impact any existing subscribers of Trusted Signing, and the service will continue to be available for these subscribers as it has been throughout the Public Preview. For additional information about Trusted Signing please refer to Trusted Signing documentation | Microsoft Learn and Trusted Signing FAQ | Microsoft Learn.
Non system disk or disk error
My PC has been working just fine for about 4 years but yesterday I went to switch it on and I get 'Non system disk or disk error replace and strike any key' Searching online says this is an issue with my operating system, but any ideas on what to do to fix this would be appreciated.
