
Secure Workload Identities in Microsoft Entra ID Against Modern Attacks
Discover why attackers target workload identities and how to detect, remediate, and secure them in Microsoft Entra ID.
13 min read
Starting September 7, 2026, Microsoft Entra ID will require explicitly registered authentication methods for Self-Service Password Reset (SSPR) verification. This blog dives into the details of this security update and the critical actions admins must take to prepare.
Until now, organizations needed an Office 365 Extra File Storage add-on for additional SharePoint storage, which required fixed-capacity purchases that often led to unused costs. To address this, Microsoft has introduced a pay-as-you-go billing model for SharePoint storage in Microsoft 365. This allows organizations to pay only for the additional storage they consume beyond their included quota. In this blog, we’ll explore Microsoft’s pay-as-you-go SharePoint storage model and how it can help optimize costs.
The introduction of Device Soft Delete in Microsoft Entra ID (Public Preview) brings a much-needed recovery layer for device management. Instead of being permanently deleted, devices now move into a soft-deleted state, allowing admins a 30-day window to restore them when needed.
Starting in early June 2026, Microsoft Outlook will support external email tags within inbox rules, allowing users to automatically organize and categorize external emails for improved prioritization.
Microsoft has integrated the Power Automate workflow experience directly into SharePoint Online. This allows users to view, create, and manage workflows without leaving the SharePoint site interface. This also introduces a context-aware “Mad-Lib” style automation experience that automatically prefills trigger inputs such as SharePoint sites, lists, and libraries to simplify workflow creation.
Storm-2949 is a sophisticated identity-based attack campaign where a single compromised Microsoft 365 account can lead to wider access across Microsoft 365 and Azure environments. Instead of relying on malware, the attackers abused trusted Microsoft services, MFA workflows, tokens, and permissions to silently move deeper into the environment.

Microsoft will require registered authentication methods for SSPR verification. Find unregistered users and prepare for enforcement.
4 min read

Learn how to securely configure the My Staff portal in Microsoft Entra ID using PIM and Conditional Access to protect delegated admin access.
9 min read

Create a SharePoint site ownership policy to detect ownerless sites, notify users to assign owners, and enforce read-only or archive actions.
11 min read

Detect Storm-2949 attacks in Microsoft 365 using AdminDroid. Identify and act early before they escalate into a cloud breach.
8 min read

Learn how to control unmanaged device access in SharePoint Online to protect data by limiting or blocking access from non-compliant devices at tenant and site level.
11 min read

Explore default user permissions in Microsoft 365 and learn how to manage these built-in settings that are enabled by default.
13 min read

Discover how the Shadow AI page in Microsoft 365 helps you identify, monitor, and block unauthorized AI tools to reduce risk and secure usage.
4 min read

Discover the top Microsoft 365 security settings you should disable to reduce risks, prevent data exposure, and strengthen tenant security.
16 min read

Learn how to prevent calendar phishing attacks in Microsoft 365 and protect users from malicious meeting invites that bypass email security.
12 min read

Learn how to configure Multi Admin Approval in Intune to prevent accidental device wipes and add an extra layer of administrative control.
11 min read

Explore how the ConsentFix attack abuses trusted Microsoft 365 first-party app access and learn mitigations to prevent OAuth token misuse.
15 min read