security
944 TopicsMicrosoft Authenticator receives repeated unexpected sign-in requests from different countries.
I have received multiple unexpected Microsoft Authenticator number-matching requests over the last few weeks. The requests came from different countries (Mexico, France, and Spain), and I denied all of them. I changed my password after the first incident. My password is unique and stored in Bitwarden. I have Microsoft Authenticator enabled, and I do not use passwordless sign-in. The strange part is that these authentication requests do not appear in my Recent Activity page. Is there anything I can do to stop these requests? I came here because a support representative told me to. I appreciate all your help beforehand.11Views0likes0CommentsHotmail to Outlook Migration Broke My Account
A year or two ago, I updated my Microsoft account to try and migrate from hotmail.com to @outlook.com. Since then, my Microsoft account is broken. I log in with my @outlook.com email, but account.microsoft.com displays my hotmail.com email everywhere. Mobile apps will not stay logged in properly and kick me out after a day. On my account info page my @outlook.com email isn't even listed and hotmail.com is listed as primary, but only logging in with @outlook works. I'm pretty sure when I originally tried to migrate my account some exception wasn't handled properly part way through the process and my account is in some sort of database limbo. Is there anyone at Microsoft here that can help with this? Also, sorry if this isn't the right place to post this, but a call with Microsoft support pointed me here and there doesn't seem to be a "Microsoft Account Support" hub or space on this platform. If anyone knows of a better location feel free to suggest that as well. Thanks!85Views0likes1CommentDevice Bound Session Credentials Edge
Hi everyone, For a customer i did some research about token protection within M365. I did find a lot information what to configure within M365 to get a multi layer protection (CA, Identity Protection, device compliance, etc). What i didn't found was a solution for token/cookie protection from the browser, until i found this article: https://en.ittrip.xyz/windows/edge/edge-147-device-bound#index_id0 This article states that edge 147 supports Device Bound Session Credentials which makes it much harder to do a off-device replay of a cookie. It also is saying: If you buy rather than build, ask your identity provider or SaaS vendor a direct question: do you have a roadmap for Device Bound Session Credentials or an equivalent browser-session binding model? So my question is: Does M365 (via the browser) supports Device Bound Session Credentials or will it be supported any time soon? Hope you have a nice day! Regards, MJSolved78Views0likes2CommentsI received 2FA request but I can't identify the source
Since a couple of weeks, I've started received unwanted prompt on my phone to "confirm my identity": asking me to approve (second factor). Obviously, this isn't me and I reject those. At first, I was thinking it was just some phishing/stuffing attack, but I tried to find out how I could see those attempts and it is impossible to see "failed attempt" on the Windows Account web page or on the 2FA application. I have no clue how to investigate this, I would like to confirm what is the "source" of these attempts. Is there any way to have more extensive logs?39Views0likes2CommentsFraudThrottle Block SP/OD - 2+ Months Unresolved - Cases #2604230040009484, #2605260040000004
Summary: My organization's SharePoint and OneDrive access has been completely blocked for over 2 months due to a FraudThrottle flag. This is a production-blocking issue that standard SMB support has been unable to resolve despite two open support cases. Details: - SharePoint Online and OneDrive for Business are entirely inaccessible across the tenant - No downloads, uploads, or sync operations work - The block is caused by a FraudThrottle security flag triggered on our M365 E5 Developer trial subscription (purchased directly from Microsoft, not via CSP) - Support has confirmed the FraudThrottle block but has been unable to escalate or resolve it - The subscription status shows Active, but the FraudThrottle flag overrides access Cases: - Case #2604230040009484 (original) - Case #2605260040000004 (follow-up) What I Need: Escalation to the FraudThrottle/Identity protection engineering team to review and clear the false-positive block on our tenant. Standard support tiers have exhausted their ability to resolve this. Has anyone else experienced a similar FraudThrottle block on a dev/trial subscription? Any suggestions on how to expedite escalation to engineering? Thank you.Solved46Views0likes1CommentI built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.3KViews2likes2CommentsMicrosoft Tightens Security for Self-Service Password Reset
Microsoft plans to improve the security of the Self-Service Password Reset (SSPR) facility in September 2026 by requiring users to register at least one authentication method. SSPR will then use the registered authentication method to verify user accounts when changing passwords. The change aligns SSPR with user sign-ins and improves security by removing fallback on directory attributes, which might be altered by attackers. https://office365itpros.com/2026/06/17/sspr-authentication-methods/133Views0likes0CommentsOffice 365 Mailbox Export to PST - Third Party Tools: What’s Your Experience?
Exporting Office 365 mailboxes to PST is still a common requirement in many Microsoft 365 environments, especially for backup, compliance, and migration scenarios. While Microsoft offers native options like Purview eDiscovery and Outlook export, many administrators also consider third-party tools when dealing with large mailboxes or bulk export requirements. In real-world scenarios, factors like speed, ease of use, permission handling, and consistency of exported data often influence the choice of tool. Some teams prefer native methods for compliance control, while others explore third-party solutions to simplify large-scale or repeated export tasks. For those working with Microsoft 365, what has your experience been with third-party PST export tools? Have they helped in your environment, or do you still rely mainly on Microsoft’s native options?207Views1like3CommentsHow should home and small org users address Kali365 Hijacking Microsoft 365 Access Tokens?
How should home and small organization small business users address the recent Federal Bureau of Investigation Public Service Announcement “to warn the public about an emerging Phishing-as-a-Service platform called Kali365, first seen in April 2026” See Alert Number I-052126-PSA 21 May 20261.2KViews0likes1CommentLocked Out of Global Admin – Lost Authenticator – Case 2602060010000939 – Need Escalation
I am locked out of my Global Administrator account because my phone broke on February 5, 2026 and I no longer have access to Microsoft Authenticator. There is no alternative authentication method configured. Case ID: 2602060010000939. I contacted support on February 6 and the ticket was set as Severity C with an 8-hour response expectation. After several days, I have only received generic replies and no contact from an engineer. This account is critical for my business operations, and I have now been without access for five days. I understand it was my responsibility to maintain backup methods, but I urgently need help from Microsoft to recover access. Please contact me. Samuel LeoSolved275Views1like2Comments