
Best Practices for Emergency Accounts in Active Directory
Discover best practices for Active Directory break glass accounts to ensure secure and reliable access during critical incidents.
11 min read
Microsoft has officially announced that passkeys will become the default authentication method in Microsoft Entra, replacing Microsoft-provided SMS and voice authentication. The change begins rolling out on September 1, 2026, with the transition completing on February 1, 2027.
Microsoft is adding two new PowerShell settings that let admins control who can join federated group chats in Microsoft Teams. These settings are disabled by default and will roll out globally between late July and late September 2026.
Microsoft has introduced cross-tenant message recall in Exchange Online. This feature allows users to recall emails sent to external Microsoft 365 tenants. It is disabled by default and works only when the receiving organization explicitly enables it and adds the sender’s Microsoft Entra tenant IDs to an allow list via PowerShell. The rollout begins in mid-August 2026, delivering a secure recall experience for cross-organization collaboration.
Microsoft’s Network Data Security helps protect sensitive company data when people use AI tools, cloud apps, or websites outside of managed Microsoft 365 apps. It checks data in real time as it is being uploaded, pasted, or shared, and can block it if it breaks company rules. It works by combining Microsoft Purview’s data protection with Microsoft Entra’s network control to make sure sensitive information doesn’t accidentally leave the organization.
Microsoft recently introduced manual incident creation in preview for Defender to help security teams investigate threats beyond automated detections. Analysts can now instantly track, manage, and correlate user reported threats and other security findings, even when no alert is generated automatically.
Microsoft has introduced two new service plans named ‘Entra Conditional Access for Agents’ and ‘Entra ID Protection for Agents’ under Microsoft 365 Agent and E7 licenses. Starting in July 2026, organizations using agent security capabilities must ensure they have the required Microsoft 365 Agent or E7 licenses to continue accessing these features without disruption. This blog explains the licensing update, its impact on organizations, and the steps admins should take to ensure AI agents remain protected.
Struggling to automate secure monitor manage M365?
Try AdminDroid for Free!One stop place for comprehensive Microsoft 365 security checklists, covering all services.

Discover best practices for Active Directory break glass accounts to ensure secure and reliable access during critical incidents.
11 min read

Discover the top Microsoft 365 security settings you should disable to reduce risks, prevent data exposure, and strengthen tenant security.
16 min read

Explore how ConsentFix attack abuses trusted Microsoft 365 first-party app access and learn mitigations to prevent OAuth token misuse.
15 min read

Explore step-by-step methods to identify insecure RC4 usage in Active Directory Kerberos tickets and disable them to strengthen security.
16 min read

Discover 15 SharePoint permissions best practices to prevent unauthorized access, manage permissions efficiently, and stay in control.
13 min read

Learn how to prevent Teams sprawl with 10 proven strategies to improve governance and reduce security risks.
12 min read

Discover the top Microsoft 365 admin blogs of 2025, featuring the latest tips and best practices to help you manage your M365 environment.
15 min read

Explore the crucial Microsoft Teams governance strategies to improve collaboration and ensure compliant use of Teams across the organization.
11 min read

Cybersecurity Month wrap-up: Strengthen IT environments and secure Microsoft 365, Active Directory, hybrid, and AI platforms.
11 min read

Explore key strategies to safeguard employee personal data across apps, devices, and cloud services in modern hybrid workplaces.
8 min read

Local admin accounts can make or break security. Learn all risks and practical steps to secure local admins and protect devices from privilege abuse.
7 min read

Protect your remote work environment by implementing 11 remote desktop access best practices to prevent data leaks caused by unauthorized access.
8 min read