Starting September 7, 2026, Microsoft Entra ID will require explicitly registered authentication methods for Self-Service Password Reset (SSPR) verification. This blog dives into the details of this security update and the critical actions admins must take to prepare.
Until now, organizations needed an Office 365 Extra File Storage add-on for additional SharePoint storage, which required fixed-capacity purchases that often led to unused costs. To address this, Microsoft has introduced a pay-as-you-go billing model for SharePoint storage in Microsoft 365. This allows organizations to pay only for the additional storage they consume beyond their included quota. In this blog, we’ll explore Microsoft’s pay-as-you-go SharePoint storage model and how it can help optimize costs.
The introduction of Device Soft Delete in Microsoft Entra ID (Public Preview) brings a much-needed recovery layer for device management. Instead of being permanently deleted, devices now move into a soft-deleted state, allowing admins a 30-day window to restore them when needed.
Starting in early June 2026, Microsoft Outlook will support external email tags within inbox rules, allowing users to automatically organize and categorize external emails for improved prioritization.
Microsoft has integrated the Power Automate workflow experience directly into SharePoint Online. This allows users to view, create, and manage workflows without leaving the SharePoint site interface. This also introduces a context-aware “Mad-Lib” style automation experience that automatically prefills trigger inputs such as SharePoint sites, lists, and libraries to simplify workflow creation.
Storm-2949 is a sophisticated identity-based attack campaign where a single compromised Microsoft 365 account can lead to wider access across Microsoft 365 and Azure environments. Instead of relying on malware, the attackers abused trusted Microsoft services, MFA workflows, tokens, and permissions to silently move deeper into the environment.
Struggling to automate secure monitor manage M365?
Try AdminDroid for Free!Explore hands-on guides, admin tips, and automation to simplify Active Directory management.
Learn how to reset the Default Domain Policy and Default Domain Controllers Policy in Active Directory to restore back their factory state.
10 min read
Discover best practices for Active Directory break glass accounts to ensure secure and reliable access during critical incidents.
11 min read
Learn how to install and import the Active Directory PowerShell module on workstations and servers to manage users, groups, OUs, GPOs, etc.
9 min read
Learn how to delete unwanted protected OUs to maintain a clean and well-organized Active Directory.
6 min read
Learn Group Policy Management in Active Directory with 10+ key actions, including creating, linking, importing GPOs, and more.
20 min read
Learn how to demote a domain controller in AD with pre-checks, graceful and forced demotion methods, metadata cleanup, and common fixes.
17 min read
Learn how to implement the Active Directory tiered administration model to reduce credential exposure and prevent lateral movement attacks.
14 min read
Learn how to configure and manage password policies in Active Directory to enforce strong passwords and secure your environment.
11 min read
Explore step-by-step methods to identify insecure RC4 usage in Active Directory Kerberos tickets and disable them to strengthen security.
16 min read
Learn how Group Policy Results Wizard helps troubleshoot Active Directory GPO issues by showing all applied and denied policy settings with clear troubleshooting insights.
10 min read
Explore why Microsoft is disabling NTLM by default in Active Directory and Windows environment and learn how to prepare using NTLM auditing.
4 min read
Discover how to find the account lockout source in Active Directory to quickly pinpoint the cause and resolve recurring user lockouts.
12 min read