Strengthening cyber defense in the age of agentic AI with Microsoft Sentinel
Microsoft Sentinel has now evolved beyond a cloud-native SIEM into a unified, AI-powered security platform, connecting analytics and context across ecosystems at scale. With a centralized, purpose-built security data lake and graph capabilities, organizations gain deeper insights and richer context for more effective cyberthreat detection and investigation. The Model Context Protocol (MCP) server and agentic tools make data agent-ready, paving the way for seamless integration with autonomous security agents and unlocking new possibilities for proactive defense.
We realized that we needed to uplift our capability in the security operations center. We wanted a platform that could help us face the challenges of offensive use of AI so we could defend at machine speed.
—David Boda, Chief Security and Resilience Officer, Nationwide
Optimizing costs and coverage
Now generally available, the Microsoft Sentinel data lake serves as the foundation for modern, AI-powered security operations. Purpose-built for security, it features a cloud-native architecture that centralizes all security data from more than 350 sources across platforms and clouds. The Microsoft Sentinel data lake simplifies data management, eliminating silos, and enables cost-effective long-term retention, empowering organizations to maintain strong security postures while optimizing budget. By unifying historical and real-time security data, the data lake helps AI agents and automation perform advanced analytics, detect anomalies, and execute autonomous cyberthreat responses with precision and speed.
To further help organizations optimize their security operations, Microsoft Sentinel has native features like:
SOC optimization helps security teams improve coverage, reduce costs, and streamline operations by providing AI-powered recommendations on data usage, cyberthreat detection gaps, and analytics efficiency. These insights empower defenders to make smarter decisions and maximize return on investment.
New cost management features in preview help customers with cost predictability, billing transparency, and operational efficiency.
Accelerating the SOC with advanced analytics and AI
Microsoft Sentinel is transforming security operations with advanced analytics, agentic AI, and MCP server. Microsoft Sentinel data lake centralizes security data from hundreds of sources, enabling real-time detection, contextual analysis, and autonomous response. The integration of agentic AI and Microsoft Security Copilot allows defenders to automate investigations, correlate complex signals, and respond to cyberthreats at machine speed. The MCP server further enhances these capabilities by making security data agent-ready. Support for tools like Kusto Query Language (KQL) queries, Spark notebooks, and machine learning models within the Microsoft Sentinel data lake empowers agentic systems to continuously learn, adapt, and act on emerging cyberthreats, driving smarter, faster, and more contextual security operations across the SOC. This AI-powered approach reduces alert fatigue and accelerates decision-making, strengthening security posture across the SOC.
Together, these capabilities empower SOC teams to operate at the speed of AI, reduce noise, and focus on high-impact investigations, driving clarity, efficiency, and resilience across the security lifecycle.
Empowering defenders with industry-leading SIEM
Microsoft Sentinel enhances security operations by unifying SIEM, security orchestration, automation, and response (SOAR), user and entity behavior analytics (UEBA), and threat intelligence into a single, integrated experience. With full integration into the Microsoft Defender portal, Microsoft Sentinel delivers a consolidated view for detection, investigation, and response across endpoints, identities, cloud, and network—streamlining workflows and enhancing efficiency for SOC teams.
Advanced correlation algorithms combine behavioral analytics, machine learning, and threat intelligence to connect events and deliver comprehensive security insights.
Custom rules and MITRE ATT&CK® mapping allow defenders to tailor detection strategies for their specific needs.
Built-in orchestration and automation capabilities reduce manual effort, accelerate incident response, and free analysts to focus on high-value tasks.
UEBA powered by AI provides deep behavioral insights to detect anomalies and insider threats.
Integrated threat intelligence enriches investigations with real-time insights, enabling faster detection, deeper context, and more accurate response across the SOC.
Embedded AI and machine learning accelerate threat detection, reduce false positives, and enable advanced hunting and automated investigations—helping SOC teams respond faster and with precision.
Microsoft Sentinel has comprehensive machine learning threat analytics models that allow us to hunt and detect any security threat, no matter how sophisticated or hidden they are. Microsoft Sentinel has intelligent security event management features which help us to accurately investigate security threats to understand the origin, making it easy to identify the most appropriate way to handle them.
—Software Development Project Manager, Software Industry (Source: Gartner Peer Insights™)
Download the report
To learn more about why Microsoft was named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM, download the full report.
Looking forward
As cyberthreats grow in sophistication, the need for intelligent, adaptive, and end-to-end AI security platforms becomes more urgent. Microsoft is committed to leading this transformation by:
Investing in agentic AI to empower defenders with autonomous capabilities.
Empowering defenders with a cost-effective data lake for deeper insights and scalable analytics.
Enhancing cross-platform integrations for holistic protection.
Driving community collaboration through open content hubs and shared analytics.
We’re not just building tools; we’re shaping the future of cybersecurity. Our roadmap is guided by the real-world challenges faced by SOCs and the outcomes they strive for: faster detection, smarter response, and stronger resilience.
We’re honored by the Gartner recognition and deeply grateful to our customers, partners, and the analyst community for their continued trust and collaboration.
Are you a regular user of Microsoft Sentinel? Share your insights and get rewarded with a $25 gift card on Gartner Peer Insights™.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
1. Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Eric Ahlm, Angel Berrios, Darren Livingstone, 8 October 2025
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and Magic Quadrant and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.
Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity risk detections, and screens 5 billion emails for malware and phishing. Advances in automation and readily available off-the-shelf tools have enabled cybercriminals—even those with limited technical expertise—to expand their operations significantly. The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone — big or small — making cybercrime a universal, ever-present threat that spills into our daily lives.
In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up. In our sixth annual Microsoft Digital Defense Report, which covers trends from July 2024 through June 2025, we highlight that legacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat. For individuals, simple steps like using strong security tools—especially phishing-resistant multifactor authentication (MFA)—makes a big difference, as MFA can block over 99% of identity-based attacks. Below are some of the key findings.
Critical services are prime targets with a real-world impact.
Malicious actors remain focused on attacking critical public services—targets that, when compromised, can have a direct and immediate impact on people’s lives. Hospitals and local governments, for example, are targets because they store sensitive data, or because they have tight cybersecurity budgets with limited incident response capabilities, which often results in outdated software. In the past year, cyberattacks on these sectors had real-world consequences, including delayed emergency medical care, disrupted emergency services, canceled school classes, and halted transportation systems.
Ransomware actors in particular focus on these critical sectors because of the targets’ limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fueling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors—particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.
Nation-state actors are expanding operations.
While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain. Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.
Key insights:
China is continuing its broad push across industries to conduct espionage and steal sensitive data. State-affiliated actors are increasingly attacking non-governmental organizations (NGOs) to expand their insights and are using covert networks and vulnerable internet-facing devices to gain entry and avoid detection. They have also become faster at operationalizing newly disclosed vulnerabilities.
Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations. Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations.
Russia, while still focused on the war in Ukraine, has expanded its targets. For example, Microsoft has observed Russian state-affiliated actors targeting small businesses in countries supporting Ukraine. In fact, outside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO)—a 25% increase compared to last year. Russian actors may view these smaller companies as possibly less resource-intensive pivot points they can use to access larger organizations. These actors are also increasingly leveraging the cybercriminal ecosystem for their attacks.
North Korea remains focused on revenue generation and espionage. In a trend that has gained significant attention, thousands of state-affiliated North Korean remote IT workers have applied for jobs with companies around the world, sending their salaries back to the government as remittances. When discovered, some of these workers have turned to extortion as another approach to bringing in money for the regime.
The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors.
2025 saw an escalation in the use of AI by both attackers and defenders.
Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI into their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.
For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams. Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries.
Adversaries aren’t breaking in; they’re signing in.
Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are large-scale password guessing attempts. Attackers get the usernames and passwords (“credentials”) for these bulk attacks largely from credential leaks.
However, credential leaks aren’t the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale. Cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.
Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. To target the malicious supply chain, Microsoft’s Digital Crimes Unit (DCU) is fighting back against the cybercriminal use of infostealers. In May, the DCU disrupted the most popular infostealer—Lumma Stealer—alongside the US Department of Justice and Europol.
Moving forward: Cybersecurity is a shared defensive priority.
As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses, and sharing intelligence. Microsoft remains committed to doing its part to strengthen our products and services via our Secure Future Initiative. We also continue to collaborate with others to track threats, alert targeted customers, and share insights with the broader public when appropriate.
However, security is not only a technical challenge, but a governance imperative. Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action.
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start (and stop) deploying, forward-looking commentary on where the industry is going, and more. In this article, Raji Dani, Vice President and Deputy CISO for Microsoft business functions, finance, and marketing at Microsoft, dives into the importance of securing customer service solutions.
In my role as Deputy CISO for Microsoft’s business operations, I focus on the unique risks within our customer support operations. The tools and processes that empower our customer support agents are essential for helping customers, but if architected with excessive privilege or trusted too broadly between services, they can introduce significant risk to Microsoft and our customers. Understanding and mitigating these risks is a core part of my job, and this post shares the key lessons we apply in this space.
Customer support: What could go wrong?
Customer support agents require powerful tools to resolve customer issues—unlocking accounts, troubleshooting complex environments, and more. Given how powerful they can be, the tools used by customer support agents, if not properly architected or protected, can be harmful if they fall into the wrong hands. Cyberattackers know that customer support operations can require privileged access, and that organizations sometimes treat customer support as an auxiliary function—resulting in a lower security bar. As a result, cyberattackers see customer support as an attractive target that can potentially serve as a vector to gain access to sensitive data and environments. In common security parlance, a major reason cyberattackers focus on customer support infrastructure is that it can give them an opportunity to move laterally into the core services that host customer data.
These risks are not theoretical. Recent cyberattacks, including those by nation-state actors like Midnight Blizzard, have targeted customer support operations at Microsoft and across the industry. Cyberattackers have targeted resources across customer support ecosystems—spanning support agent identities, case management systems, and diagnostic tools—in an attempt to steal valuable data and gain access to other environments.
Securing customer support: What can we do?
Given the risks described above, a comprehensive security strategy is needed that spans the identities used for customer support and the tools used by those identities, specifically focusing on mitigating the risk that these identities and tools can be exploited in an attempt to access other environments or data. With that in mind, we are implementing (and will continually refine) the following approaches to mitigate risk in the customer support space.
1. Curated and secured support identities
At Microsoft, we create dedicated identities curated and secured for the customer support function. These identities are separate from the accounts employees use to perform the parts of their job not related to customer support. Standardizing and strengthening these customer support identities—with phishing-resistant multifactor authentication (PRMFA) and identity isolation—is foundational, as this helps mitigate the risk of lateral movement. Cyberattackers often target support agent accounts using phishing and password spray techniques, knowing that identity security can vary, especially when third parties are involved.
Even with hardened identities, we adopt an assume-breach mindset. We implement least privilege and enforce device protection so that no agent has standing access to support tools or data. Access is granted only for active cases, and permissions are tightly scoped—this is known as case-based role-based access control (RBAC), built on strong just-in-time (JIT) and just-enough-access (JEA) implementations that are informed by active cases. Additionally, when an agent does need to work on a case, they operate from restricted, managed virtual desktops that prevent downloading unauthorized software, further reducing breach risk by reducing the likelihood that a malware-infected device is able to operate against customer support tools or data.
3. Architecting secure tools and managing service-to-service trust and high privileged access
Support tools often require access to production environments like Microsoft 365 or Microsoft Azure—for example, an agent may need to troubleshoot a performance issue on a customer’s Azure Virtual Machine. We ensure the tools used for these scenarios operate with scoped privileges and avoid unsafe high privileged access (HPA) patterns. Critically, we minimize service-to-service (S2S) trust. Support tools are designed to perform only specific support functions, with tightly scoped permissions against downstream resources that they may need to access. By limiting S2S trust, we prevent cyberattackers from using compromised support tools to access or damage production environments.
4. Monitoring and response
Continuing with the theme of assume breach, we implement strong telemetry across all the previously mentioned scenarios—we have to assume that cyberattackers will exploit our tools and operations, no matter how much we harden them. Strong telemetry gives our incident response teams visibility into any possible anomalies or attempts to exploit customer support agents or the tools they use, which enables us to stop potential cyberattacks faster. The fact that agents use a dedicated, isolated identity for customer support also enables us to more effectively respond if compromise is suspected since we can target our response operations precisely within the dedicated identity boundary.
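The case-based RBAC with JIT/JEA described under the second approach above, together with the per-decision telemetry described under "Monitoring and response", as an added worked example. This is illustrative code written for this article, not Microsoft's support tooling; the case types, action names, identities and resource paths are constructed, and the JIT window and the list of accepted phishing-resistant sign-in methods are assumptions.

```python
"""Case-based RBAC for support tooling (added illustration, not Microsoft's code).
A support tool action is allowed only while the requesting support identity holds
an active case assigned to it, scoped to that case's customer resource (JEA),
limited to the actions the case type justifies, time-boxed (JIT), and every
decision is written to an audit record that the SOC can query."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample policy: the tool actions each case type justifies (JEA).
# Case types and action names are hypothetical.
ACTIONS_BY_CASE_TYPE = {
    "vm_performance": {"vm.read_metrics", "vm.read_diagnostics"},
    "account_unlock": {"account.read", "account.unlock"},
}
JIT_WINDOW = timedelta(hours=2)                    # assumed lifetime of a JIT grant
REQUIRED_AUTH_METHODS = {"fido2", "certificate"}   # assumed phishing-resistant methods

@dataclass(frozen=True)
class Case:
    case_id: str
    case_type: str
    assigned_agent: str      # the dedicated support identity, not the corporate account
    customer_resource: str   # the single resource the case is about
    status: str              # "open" or "closed"

@dataclass(frozen=True)
class Session:
    agent: str
    auth_method: str         # how the support identity signed in
    managed_device: bool     # restricted, managed virtual desktop?

@dataclass
class Grant:
    agent: str
    case_id: str
    resource: str
    actions: frozenset
    expires_at: datetime

@dataclass
class Decision:
    allowed: bool
    reason: str
    grant: Grant | None = None

AUDIT_LOG: list[dict] = []   # telemetry sink; in practice this is shipped to the SIEM

def _audit(event: str, session: Session, case_id: str, **extra) -> None:
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "event": event,
                      "agent": session.agent, "case_id": case_id, **extra})

def request_jit_grant(session: Session, case: Case, now: datetime | None = None) -> Decision:
    """Issue a time-boxed grant scoped to one case, or a denial carrying the reason."""
    now = now or datetime.now(timezone.utc)
    checks = [
        (session.auth_method in REQUIRED_AUTH_METHODS, "auth_not_phishing_resistant"),
        (session.managed_device, "unmanaged_device"),
        (case.status == "open", "case_not_active"),            # no standing access
        (case.assigned_agent == session.agent, "agent_not_assigned_to_case"),
        (case.case_type in ACTIONS_BY_CASE_TYPE, "unknown_case_type"),
    ]
    for ok, reason in checks:
        if not ok:
            _audit("grant_denied", session, case.case_id, reason=reason)
            return Decision(False, reason)
    grant = Grant(session.agent, case.case_id, case.customer_resource,
                  frozenset(ACTIONS_BY_CASE_TYPE[case.case_type]), now + JIT_WINDOW)
    _audit("grant_issued", session, case.case_id, resource=grant.resource,
           actions=sorted(grant.actions), expires_at=grant.expires_at.isoformat())
    return Decision(True, "granted", grant)

def authorize_action(grant: Grant, session: Session, action: str, resource: str,
                     now: datetime | None = None) -> Decision:
    """Check one tool call: right agent, unexpired grant, in-scope resource, permitted action."""
    now = now or datetime.now(timezone.utc)
    if grant.agent != session.agent:
        reason = "grant_belongs_to_other_agent"
    elif now >= grant.expires_at:
        reason = "grant_expired"
    elif resource != grant.resource:
        reason = "resource_out_of_scope"     # blocks pivoting to another customer's resource
    elif action not in grant.actions:
        reason = "action_not_permitted"
    else:
        _audit("action_allowed", session, grant.case_id, action=action, resource=resource)
        return Decision(True, "allowed", grant)
    _audit("action_denied", session, grant.case_id, action=action, resource=resource, reason=reason)
    return Decision(False, reason, grant)

def denied_events(min_count: int = 3) -> dict[str, int]:
    """Simple detection over the audit log: support identities with repeated denials."""
    counts: dict[str, int] = {}
    for rec in AUDIT_LOG:
        if rec["event"].endswith("_denied"):
            counts[rec["agent"]] = counts.get(rec["agent"], 0) + 1
    return {agent: n for agent, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    agent = Session("svc-agent-01", "fido2", True)   # constructed sample support identity
    case = Case("C-100", "vm_performance", "svc-agent-01", "/subscriptions/x/vms/web01", "open")
    dec = request_jit_grant(agent, case)
    print(dec.reason, authorize_action(dec.grant, agent, "vm.read_metrics", case.customer_resource).reason)
```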
Takeaways
Customer support tooling and operations can be exploited by cyberattackers to harm Microsoft and our customers. We cannot treat customer support as an auxiliary function with a low security bar. Given its relationship to core infrastructure, maintaining a high security posture is essential to prevent lateral movement by cyberattackers. We achieve this through identity isolation and protection, case-based RBAC, removal of unsafe access patterns, minimizing S2S trust, and strong telemetry at all layers to detect and mitigate anomalies.
These lessons extend beyond customer support—any business function historically considered auxiliary should be deeply understood for lateral movement risk and secured to a higher standard if needed. Security is not just a technical imperative. It’s a shared responsibility that must extend to every corner of the digital ecosystem, including customer support infrastructure and other business functions. Whether your organization manages its own support center or relies on a third-party provider, it’s important not to treat customer support as an afterthought in terms of security.
Approaches like ours—anchored in identity segmentation, JIT and JEA, case-based RBAC, task-specific controls, and enhanced telemetry—don’t have to be exclusive to large enterprises. They can be realistically adapted by organizations of all sizes. For those with in-house customer support teams, it’s a good idea to invest in security training and align performance metrics with secure outcomes. If you’re using third-party providers, require transparency, enforce contractual security obligations, and ensure that access controls are tightly scoped and monitored. All organizations, whether small businesses or large enterprises, should be mindful of the applications they use for customer support—how they’re designed, how they’re configured, and how they interact with other systems and data. Any customer support applications that can access sensitive resources or data need to have the strongest controls. Finally, having an assume breach mindset is critical. All organizations should implement strong telemetry that provides visibility into potential anomalies at both the identity and tooling layers, so potential cyberattacks can be quickly spotted and remediated.
Final thoughts on strengthening support operations and security
Security isn’t just a technical concern—it’s a shared responsibility that reaches every part of your digital ecosystem, including customer support infrastructure. Whether you manage your own support center or work with a third-party provider, don’t treat customer support as an afterthought when it comes to security.
Approaches like JIT and JEA, case-based RBAC, task-specific controls, and enhanced telemetry aren’t just for large enterprises. Organizations of all sizes can adapt them. If you have an in-house support team, invest in security training and align performance metrics with secure outcomes. If you work with third-party providers, require transparency, enforce contractual security obligations, and make sure access controls are tightly scoped and monitored. Even the smallest organizations should be mindful of the customer support applications they use—how they’re designed and configured matters.
The goal is to close gaps in your security. Treat customer support infrastructure as critical and apply layered, context-aware controls to reduce exposure to session hijacking and lateral movement across your network. Security must be holistic—it’s about protecting not just what you build, but also what supports it. These lessons apply to other business functions too, like sales, consulting, and reseller relationships. Each of these areas may use tools or systems that could allow lateral movement into core infrastructure. That’s why it’s important to prioritize these tools and make sure they meet the highest security standards.
Microsoft Deputy CISOs
To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:
To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.
ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations.[1] It helps business leaders assess language models by simulating realistic cyberthreat scenarios and providing clear, actionable insights into how those tools reason through complex problems. In contrast to previous benchmarks that concentrated on threat intelligence trivia or static knowledge, this benchmark evaluates AI agents in multistep, data-rich, multistage cyberattack scenarios within a simulated security operations center (SOC) in Microsoft Azure. It incorporates 57 log tables from Microsoft Sentinel and related services to reflect the scale, noise, and complexity of real incidents and SOC operations.[2]
For chief information security officers (CISOs), IT leaders, and buyers, ExCyTIn-Bench offers a clear, objective way to assess AI capabilities for security. It’s not just about accuracy in cyberthreat reports, trivia, or toy simulations, but about how well AI can investigate, adapt, and explain its findings in the face of real-world cyberthreats. As cyberattacks grow in sophistication, tools like ExCyTIn-Bench help organizations select solutions that truly enhance detection, response, and resilience.
Microsoft uses this framework internally to strengthen its AI-powered security features and test their ability to withstand real-world cyberattacks. Our security-focused in-house models rely on feedback from ExCyTIn to uncover weaknesses in detection logic, tool capabilities, and data navigation. For broader integration, we are also collaborating with security products such as Microsoft Security Copilot, Microsoft Sentinel, and Microsoft Defender to evaluate and provide feedback on their AI features. Additionally, Microsoft Security product owners can monitor how different models perform and what they cost, allowing them to choose appropriate models for specific features.
How ExCyTIn-Bench improves upon traditional benchmarks
Unlike traditional benchmarks [3,4] that rely on multiple choice questions—which are often susceptible to guesswork—ExCyTIn-Bench adopts an innovative, principled methodology for generating questions and answers from threat investigation graphs. Human analysts conceptualize threat investigations using incident graphs, specifically bipartite alert-entity graphs.[5] These serve as ground truth, supporting the creation of explainable question-answer pairs grounded in authentic security data. This enables rigorous analysis of strategy quality, not just final answers. Even recent industry publications, such as CyberSOCEval [3], focus on packaging realistic SOC scenarios and evaluating how models investigate static evidence in them. ExCyTIn adopts a different approach in both design and technical implementation by positioning the agent within a controlled Azure SOC environment, where the agent queries live log tables, transitions across data sources, and plans multistep investigations.
As a result, ExCyTIn evaluates comprehensive reasoning processes, including goal decomposition, tool usage, and evidence synthesis, under constraints that simulate an analyst’s workflow. By defining rigorous ground truths and extensible frameworks, ExCyTIn-Bench enables realistic, multiturn, agent-based experimentation, collaboration, and continuous self-improvement, all reinforced by verifiable, fine-grained reward mechanisms for AI-powered cyber defense.6
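To make the two ideas above concrete, the following is an added example (not ExCyTIn-Bench's own code, and not a description of its implementation): it builds a small constructed incident as a bipartite alert-entity graph, derives question-answer pairs whose explanation is the ground-truth path through the graph, and grades an agent's trajectory with a step-level reward next to the usual binary pass/fail score. The incident, the question template, and the reward formula are all assumptions made for this illustration.

```python
"""Benchmark construction from a bipartite alert-entity incident graph.

Added illustration, not ExCyTIn-Bench's code: the incident, the question
template and the reward formula are assumptions made for this example.
"""
from collections import deque

# Constructed incident. Alerts and entities are the two node classes of the
# bipartite graph; every edge joins exactly one alert to one entity.
ALERTS = {
    "A1": "Phishing email delivered",
    "A2": "Suspicious file download",
    "A3": "Credential dumping detected",
}
ENTITIES = {
    "E_user": ("user", "jdoe@example.com"),
    "E_host": ("host", "WS-042"),
    "E_file": ("file", "invoice.xlsm"),
}
EDGES = [("A1", "E_user"), ("E_user", "A2"), ("A2", "E_file"),
         ("A2", "E_host"), ("E_host", "A3")]


def build_graph(edges, alerts, entities):
    """Adjacency map; rejects any edge that does not join an alert to an entity."""
    known = set(alerts) | set(entities)
    graph = {}
    for a, b in edges:
        if a not in known or b not in known or (a in alerts) == (b in alerts):
            raise ValueError(f"edge {a}-{b} is not an alert-entity edge")
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search; the returned path doubles as the answer's explanation."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def generate_questions(graph, alerts, entities, min_intermediate=1):
    """Derive (question, answer, explanation) triples from the graph.

    A (start alert, target entity) pair becomes a question only when the
    ground-truth path passes through at least `min_intermediate` other
    nodes, so the agent must pivot through evidence instead of reading one row.
    """
    questions = []
    for alert, title in alerts.items():
        for entity, (etype, value) in entities.items():
            path = shortest_path(graph, alert, entity)
            if path is None or len(path) - 2 < min_intermediate:
                continue
            questions.append({
                "question": (f"Starting from alert {alert} ('{title}'), "
                             f"which {etype} does the investigation lead to?"),
                "answer": value,
                "path": path,  # ground-truth evidence chain
            })
    return questions


def grade(truth, trajectory, final_answer):
    """Return (binary_reward, stepwise_reward) for one agent run.

    binary_reward is the usual pass/fail: 1.0 only if the final answer is
    right. stepwise_reward also credits every ground-truth node the agent's
    trajectory visited, so two runs with the same wrong answer are separated
    by how much of the real evidence chain they actually found.
    """
    path = truth["path"]
    coverage = len(set(path) & set(trajectory)) / len(path)
    binary = 1.0 if final_answer == truth["answer"] else 0.0
    return binary, round((coverage + binary) / 2, 3)


if __name__ == "__main__":
    graph = build_graph(EDGES, ALERTS, ENTITIES)
    questions = generate_questions(graph, ALERTS, ENTITIES)
    for q in questions:
        print(q["question"], "->", q["answer"], "via", " -> ".join(q["path"]))
    truth = questions[0]
    print(grade(truth, ["A1", "E_user", "A2", "E_host"], "WS-042"))  # (1.0, 1.0)
    print(grade(truth, ["A1", "A2"], "WS-042"))                      # (1.0, 0.75)
    print(grade(truth, ["A1", "E_user", "A2"], "WS-041"))            # (0.0, 0.375)
```

The last two calls show why the step-level signal matters: a run that guessed the right host without visiting the user entity scores lower than a perfect run, and a run that collected most of the evidence but misread the final hostname still earns partial credit instead of zero.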
ExCyTIn-Bench innovations that deliver strategic value
Realistic security evaluation. Unlike most open-source benchmarks,3,4 ExCyTIn-Bench captures the complexity and ambiguity of actual cyber investigations. AI agents are challenged to analyze noisy, multitable security data, construct advanced queries, and uncover indicators of compromise (IoCs)—mirroring the work of human SOC analysts.
Transparent, actionable metrics. The benchmark provides fine-grained, step-by-step reward signals for each investigative action, rather than the binary success-or-failure metrics found in current benchmarks. This transparency helps organizations understand not just what a model can do, but how it arrives at its conclusions—critical for actionability, trust, and compliance.
Accelerating innovation. ExCyTIn-Bench is open-source and designed for collaboration. Researchers and vendors worldwide can use it to test, compare, and improve new models, driving rapid progress in automated cyber defense.
Personalized benchmarks (coming soon). Create tailored cyberthreat investigation benchmarks specific to the threats occurring in each customer tenant.
Latest results—language models are getting smarter
Recent evaluations show that the newest models are making significant strides:
GPT-5 (High Reasoning) leads with a 56.2% average reward, outperforming previous models and demonstrating the value of advanced reasoning for security tasks.
Smaller models with effective chain-of-thought (CoT) reasoning—like GPT-5-mini—are now rivaling larger models, offering strong performance at lower cost.
Explicit reasoning matters—Lower reasoning settings in GPT-5 drop performance by nearly 19%, highlighting that deep, step-by-step reasoning is essential for complex investigations.
Open-source models are closing the gap with proprietary solutions, making high-quality security automation more accessible.
New models are getting close to top CoT techniques (ReAct, reflection and BoN at 56.3%) but don’t surpass them, suggesting comparable reasoning during inference.
Get involved
Upcoming security events
Deep dive into the latest security innovations
Watch Microsoft Secure on demand and join us at Microsoft Ignite, November 17-21, 2025, in San Francisco, CA, or online—for more innovations, hands-on labs, and expert connections.
ExCyTIn-Bench is open-source and free to access. Model developers and security teams are invited to contribute, benchmark, and share results through the official GitHub repository. For questions or partnership opportunities, reach out to the team at msecaimrbenchmarking@microsoft.com.
Thank you to the MSECAI Benchmarking team for helping this become reality.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
5. Incident or Threat Investigation graphs portray multi-stage attacks by linking alerts, events, and indicators of compromise (IoCs) into a unified view. Nodes denote alerts (e.g., suspicious file downloads) or entities (e.g., user accounts) while edges capture their relationships (e.g., a phishing email that triggers a malicious download).
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think, work, and collaborate, individual actions come together to form a unified, proactive, and resilient defense.
Over the past year, we’ve made significant strides through the Secure Future Initiative (SFI), embedding security into every layer of our engineering practices. But just as critical has been our transformation in how we educate and engage our employees. We revamped our employee security training program to tackle advanced cyberthreats like AI-enabled attacks and deepfakes. We launched the Microsoft Security Academy to empower our employees with personalized learning paths that create a relevant experience. We’ve made security culture a company-wide imperative, reinforcing vigilance, embedding secure habits into everyday work, and achieving what technology alone cannot. It is more than a mindset shift; it’s a company-wide movement, led from the top and setting a new standard for the industry.
To help other organizations take similar steps, we are introducing two new guides—focused on identity protection and defending against AI-enabled attacks—that offer actionable insights and practical tools. These resources are designed to help organizations rethink their approach in order to move beyond 101-level content and build a culture of security that is resilient, adaptive, and people-powered. Because in cybersecurity, culture is more than a defense—it is the difference between reacting to cyberthreats and staying ahead of them.
Training for proactive security: Empowering employees in a new era of advanced threats
Security is the responsibility of every Microsoft employee, and we’ve taken deliberate steps to make that responsibility tangible and actionable. Over the past year, we’ve worked hard to reinforce a security-first mindset throughout every part of the company—from engineering and operations to customer support—ensuring that security is a shared responsibility at every level. Through redesigned training, personalized guidance, regular feedback loops, and role-specific expectations, we are fostering a culture where security awareness is both instinctive and mandatory.
As cyberattackers become increasingly sophisticated, using AI, deepfakes, and social engineering, so must the way we educate and empower employees. The security training team at Microsoft has overhauled its annual learning program to reflect this urgency. Our training is thoughtfully designed to be even more accessible and inclusive, built from empathy for all job roles and the work they do. This helps ensure that all employees, regardless of background or technical expertise, can fully engage with the content and apply it in meaningful ways. The result is a lasting security culture that employees not only embrace in their work but also carry into their personal lives.
To ensure our lasting security culture is rooted in real-world cyberthreats and tactics, we’ve continued to push our Security Foundations series to feature dynamic, threat-informed content and real-world scenarios. We’ve also updated training content in traditional topics like phishing, identity spoofing, and AI-enabled cyberattacks like deepfakes. All full-time employees and interns are required to complete three sessions annually (90 minutes total), with newly created content every year.
Security training must resonate both in the workplace and at home to create a lasting impact. That is why we equip employees with a self-assessment tool that delivers personalized, risk-based feedback on identity protection, along with tailored guidance to help safeguard their identities—both on the job and in their personal lives.
The ingredients for successful security training
At Microsoft, the success of our security training programs hinges on several crucial ingredients: fresh, risk-based content; collaboration with internal experts; and a relentless focus on relevance and employee satisfaction. Rather than recycling old material, we rebuild our training from the ground up each year, driven by the changing cyberthreat landscape—not just compliance requirements. Each annual program begins with a risk-based approach informed by an extensive listening network that includes internal experts in threat intelligence, incident response, enterprise risk, security risk, and more. Together, we identify the top cyberthreats where employee judgment and decision-making are essential to keeping Microsoft secure—and how those cyberthreats are evolving.
Take social engineering, for instance. This topic is a consistent inclusion in our training because around 80% of security incidents start with a phishing incident or identity compromise. But we are not teaching phishing 101, as we expect our employees already have foundational awareness of this cyberthreat. Instead, we dive into emerging identity threats, real-world cyberattack scenarios, and examples of how cyberattackers are becoming more sophisticated and scaling faster than ever.
The impact we are making on the security culture at Microsoft is not by chance, nor is it anecdotal. The Education and Awareness team within the Office of the Chief Information Security Office (OCISO) applies behavioral science, adult learning theory, and human-centered design to the development of every Security Foundations course. This ensures that training resonates, sticks, and empowers behavioral change. We also continually measure learner satisfaction and content relevancy, both of which have climbed significantly in recent years. We attribute this positive change to the continual innovation and evolution of our content and the increased attention we pay to the learning and cultural needs of our employees.
For example, the Security Foundations training series is consistently one of the highest-rated required employee training courses at Microsoft. Our post-training surveys tell a clear story: employees see themselves as active participants in keeping Microsoft secure. They feel confident identifying threats, know how to escalate issues, and consistently reinforce that security is a top priority across roles, regions, and teams.
This was one of the best Security Foundations that I’ve taken, well done! The emphasis on deepfake possible attacks was enlightening and surprising, I thought it was a great choice to actually deepfake [our actor] to show how real it sounds and show in real time what is possible to get that emphasis. The self-assessment was also great in terms of showing the areas that I need to work on and use more caution.
—Microsoft employee
Today, engagement with the Security Foundations training is strong, with 99% of employees completing each course. Learner satisfaction continues to climb, with the net satisfaction score rising from 144 in fiscal year (FY) 2023 to 170 today. Relevancy scores have followed a similar trend, increasing from 144 in FY 2023 to 169 today.1 These scores reflect that our employees view the security training content as timely, applicable, and actionable.
Microsoft leadership sets the tone
Our security culture change started at the top, with Chief Executive Officer (CEO) Satya Nadella mandating that security be the company’s top priority. His directive to employees is clear: when security and other priorities conflict, security must always take precedence. Chief People Officer (CPO) Kathleen Hogan reinforced this commitment in a company-wide memo, stating, “Everyone at Microsoft will have security as a Core Priority. When faced with a tradeoff, the answer is clear and simple: security above all else.”
The Security Core Priority continues to enhance employee training around security at Microsoft. As of December 2024, every employee had a defined Security Core Priority and discussed their individual impact during performance check-ins with their manager. Hogan explains that this isn’t a one-time pledge, but a non-negotiable, ongoing responsibility shared by every employee. “The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact,” she said. “We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.”
This commitment is embedded in how Microsoft governs and operates at the highest levels. Over the past year, the senior leadership team at Microsoft has focused on evaluating the state of our security culture and identifying ways to strengthen it. Security performance is reviewed at weekly executive meetings with deep dives into each of the six pillars of our Secure Future Initiative. The Board of Directors receives regular updates, reinforcing the message that security is a board-level concern. We’ve also reinforced our commitment to security by directly linking leadership compensation to security outcomes—elevating security to the same level of importance as growth, innovation, and financial performance. By using executive compensation as an accountability mechanism tied to specific security performance metrics, we’ve driven measurable improvements, especially in areas like secret hygiene across our code repositories.
Reinforcing security culture through engagement and hiring
Security culture is not built in a single training session; it is sustained through continuous engagement and visible reinforcement. To keep security top-of-mind, Microsoft runs regular awareness campaigns that revisit core training concepts and share timely updates across the company. These campaigns span internal platforms like Microsoft SharePoint, Teams, Viva Engage, and global digital signage in offices. This creates a consistent drumbeat that embeds security into daily workflows through reminders that reinforce key behaviors.
Launching fall 2025, the global security ambassador program will activate a grassroots network of trusted advocates within teams and departments across organizations and geographies. With a goal of reaching at least 5% employee participation, these ambassadors will serve as local champions, helping amplify initiatives, offering peer-to-peer guidance, and offering valuable feedback from the front lines. This approach not only sustains engagement but ensures Microsoft’s security strategy is informed by real-world insights from across the organization. As cyberattackers continue to grow more advanced, our employees must constantly learn and adapt. For this reason, security is a continuous journey that requires a culture of continuous improvement, where lessons from incidents are used to update policies and standards, and where employee feedback helps shape future training and engagement strategies.
Security culture is only as strong as the people who live it. That is why Microsoft is investing heavily in talent to scale its defenses through upskilling and hiring. Through the resulting increase in security engineers, we are making sure that every team, product, and customer benefits from the latest in security thinking and expertise.
Embedding security into engineering
The company leadership sets the vision, but real transformation happens when security is woven into our engineering. We are moving beyond simply applying security frameworks—reengineering how we design, test, and operate technology at scale. To drive this shift, we’ve aligned our engineering practices with the Protect Engineering Systems pillar of SFI, embedding security into every layer of development, from identity protection to threat detection. Our Microsoft Security Development Lifecycle (SDL), once published as a standalone methodology, is now deeply integrated into the Secure by Design pillar of SFI, ensuring security is part of the process, from the first line of code to final deployment.
We’ve embedded DevSecOps and shift-left strategies throughout our development lifecycle, backed by new governance models and accountability structures. Every engineering division now has a Deputy Chief Information Security Officer (CISO) responsible for embedding security into its workflows. These practices reduce costs, minimize disruption, and ultimately lead to more resilient products.
Under SFI, security is treated as a core attribute of product quality, innovation, and trust. And as Microsoft redefines how security is built into engineering, we are also transforming how it is lived. This means providing every employee with the awareness and agility needed to counter the most advanced cyberthreats.
Security culture as a matter of business trust
For Microsoft, a strong security culture helps us protect internal systems and uphold customer and partner trust. With a global presence, broad product footprint, and a customer base that spans nearly all industries, we operate at a scale where even a single security lapse can have wide-reaching implications. Embedding security into every layer of the company is both complex and essential, and involves more than just cutting-edge tools or isolated policies. Our security-first employee mindset views security not as a discrete function, but as something that informs every role, decision, and workflow. And while tools are indispensable in addressing technical cyberthreats, it is culture that ensures those tools are consistently applied, refined, and scaled across the organization.
Paving the road ahead for lasting security culture
The famous quote attributed to renowned management consultant Peter Drucker that “culture eats strategy for breakfast” holds especially true in cybersecurity. No matter how well-designed a security strategy may be, it can’t succeed without a culture that supports and sustains it. Ultimately, the formula for proactive security at Microsoft is built on three connected elements: people, process, and culture. And although we’ve made meaningful progress on all three fronts, the work is never finished. The cybersecurity landscape is constantly shifting, and with each new challenge comes an opportunity to adapt, improve, and lead.
The decision by Microsoft to treat security not as an isolated discipline, but as a foundational value—something that informs how products are built, how leaders are evaluated, and how employees across the company show up every day—is a core aspect of SFI. This initiative has already led to measurable improvements, including the appointment of Deputy CISOs across engineering divisions, the redesign of employee training to reflect AI-enabled threats, and the coming launch of grassroots programs like the global Security Ambassador program.
The Microsoft Secure Future Initiative is our commitment to building a lasting culture that embeds security into every decision, every product, and every employee mindset. We invite others to join us and transform how security is lived. Because in the current threat landscape, culture is not just a defense—it makes the difference.
Culture in practice: Tools to build a security-first mindset
To reinforce a security-first mindset across work and home, we’ve developed the following resources for our internal employees. We are also making them available for you to help drive the same commitment in your organization.
Identity Protection Guide: critical identity protection practices to reduce your risk of a cyberattack, at work and at home.
To hear more from Microsoft Deputy CISOs, check out the OCISO blog series.
To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.
Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Whether you’re shaping strategy or working on the front lines, Microsoft Ignite offers direct access to the latest advancements and practical solutions from leading experts.
Join us, in San Francisco from November 17–21, 2025—or online from November 18–20, 2025—as we spotlight our AI-first, end-to-end security platform designed to protect identities, devices, data, applications, clouds, infrastructure, and—critically—AI systems and agents.
Why security professionals should attend Microsoft Ignite:
Learn from experts and peers: Hear from industry leaders, security executives, and customers about security innovations, trends, and real-world results.
Explore cutting-edge solutions: Dive into cloud, AI, and security tools through in-depth sessions, hands-on labs, and solution showcases.
Grow your skills and credentials: Take certification exams and test our latest security solutions with guidance from experts. (One free exam is included with conference registration.)
Connect and collaborate: Network with security experts, partners, and peers at community spaces, evening events, and one-on-one meetings.
Focus on your specialty: Attend targeted presentations and sessions designed for security professionals and other roles.
Explore the security sessions at Microsoft Ignite 2025
Discover sessions tailored for security pros. Filter by topic, format, and role to plan your Microsoft Ignite experience.
Whether you’re joining Microsoft Ignite in person or online, you’ll have access to a full slate of experiences designed to help you connect, learn, and grow as a security professional. Explore what’s in store below.
Keynote: The Ignite keynote will include a dedicated security segment featuring Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security Business, and Charlie Bell, Executive Vice President of Microsoft Security. Together, they’ll explore the future of cybersecurity in the age of AI—setting the stage for deeper conversations throughout the event.
Start strong at the Security Forum (November 17, 2025): Kick off Microsoft Ignite a day early with the Security Forum, an immersive, in-person event featuring in-depth discussions, interactive roundtables, and fresh insights from Microsoft leaders and industry experts—including Vasu Jakkal, CVP of Microsoft Security Business, and Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO), Customer Security Management Office. Select the Security Forum option during your Microsoft Ignite registration.
Breakout sessions: Explore the latest security strategies, tools, and trends with expert-led presentations and panel discussions. These sessions are designed to deliver actionable insights and practical solutions for today’s security challenges. If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite.
Theater sessions: Experience fast-paced, demo-driven talks in the Innovation Hub, where you’ll see real-world applications of Microsoft security technologies and learn advanced techniques to strengthen your security posture.
Hands-on labs: Dive into practical, instructor-led labs where you can test drive the newest Microsoft security tools and technologies. These sessions are designed to help you build real-world skills, troubleshoot with experts, and walk away ready to implement what you’ve learned.
Earn Microsoft Security certifications: Take advantage of onsite certification opportunities to validate your expertise and advance your career. Whether you’re looking to deepen your knowledge or showcase your skills, earning certifications in Microsoft security products is a powerful way to stand out.
Networking and community events: Microsoft Ignite is where the security community comes together. Meet peers, Microsoft engineers, and Microsoft Most Valuable Professionals (MVPs) at expert meetups, connection pods, and community theater sessions, including these two exclusive experiences on Tuesday, November 18, 2025:
Security Leaders Dinner: Join Microsoft Security executives for an elevated dining experience at the Palace Hotel in San Francisco. Enjoy meaningful conversations and build connections with fellow security leaders over dinner. (Registration required; exclusive to CISOs and Vice Presidents. Request your spot today.)
Secure the Night party: Celebrate with fellow security professionals and partners at our signature evening event. Enjoy music, drinks, and entertainment while networking in a relaxed, festive atmosphere. Many thanks to our sponsors and members of the Microsoft Intelligent Security Association (MISA): Ascent Solutions, BlueVoyant, Darktrace, Illumio, Inforcer, LTIMindtree, Security Risk Advisors, and Yubico. (Registration required. Get on the guest list.)
Below, we break down the three core security themes shaping this year’s experience, along with the sessions you won’t want to miss. See the full sessions catalog.
Modernize your security operations
See how our unified, AI-powered platform brings together the foundational tools security teams use to prevent, detect, respond to, and defend against cyberthreats—all while streamlining operations.
Breakout sessions: Explore the latest in Microsoft Sentinel, Microsoft Defender, and Microsoft Entra—where security is integrated into every layer of your AI stack. Learn how scalable architectures, agentic workflows, and unified controls automate threat response, reshape security operations center (SOC) operations, and protect identities for both humans and AI agents. Expect deep dives into Microsoft Security Copilot agents, AI-powered security, predictive SOC strategies, Zero Trust, compliance, and integrated security foundations—all led by our top security experts.
Theater sessions: Get fast-paced, demo-driven insights in the Innovation Hub. See how to eliminate passwords with phishing-resistant passkeys, build custom Security Copilot agents, and stop ransomware before it starts. Learn advanced automation and hunting techniques with Microsoft Sentinel.
Hands-on labs: Turn theory into practice with real-world scenarios. Test drive Microsoft Defender XDR, implement Zero Trust across identities and devices, and integrate Microsoft Purview with Microsoft Defender for enhanced visibility. Instructor-led labs help you build skills, troubleshoot with experts, and leave Microsoft Ignite ready to modernize your SOC.
Protect your cloud and AI
Explore ways to protect your cloud and AI platforms, apps, and agents, from code to runtime, with Microsoft Defender, Microsoft Purview, and Microsoft Entra.
Breakout sessions: Learn how to secure cloud-native and AI workloads with Microsoft Defender for Cloud, implement proactive posture management, and automate threat detection and response. Explore design strategies for securing agentic AI systems across the lifecycle, aligned with the Microsoft Secure Future Initiative, and discover new capabilities for agent visibility, governance, and least-privilege access.
Theater sessions: Get practical guidance on strengthening your Microsoft Azure security posture, aligning AI innovation with compliance using Microsoft Purview, and enabling secure SAP access with Microsoft Entra ID Governance. See how Microsoft’s unified platform defends cloud environments, applications, and data—integrating Zero Trust, compliance, and threat intelligence across every layer.
Hands-on labs: Gain real-world experience mitigating threats with Defender for Cloud, maximizing Cloud Security Posture Management (CSPM), and safeguarding AI agents across their lifecycle. These instructor-led labs help you build practical skills in cloud and AI security, ensuring you’re ready to protect what matters most as your organization innovates.
Secure your data
Simplify investigations, address insider risks, and protect sensitive data—across clouds, devices, AI apps, and agents—to meet the challenges of tomorrow.
Breakout sessions: Discover how Microsoft Purview delivers layered data protection to prevent exfiltration, secures data wherever it lives, and integrates across Microsoft 365, Microsoft Azure, Windows, and Microsoft Fabric. Learn best practices for classification, labeling, and data loss prevention (DLP), scale investigations with AI-powered Data Security Investigations, and enable secure Microsoft Copilot adoption with safeguards to prevent data loss and insider risks.
Theater sessions: See how Microsoft Purview Compliance Manager unifies compliance, security, and AI readiness, and how to leverage existing security investments for comprehensive data protection. Explore how Microsoft Purview Data Security Posture Management delivers actionable insights to strengthen your data security posture.
Hands-on labs: Get practical experience creating and managing sensitive information types and labels, implementing insider risk management and adaptive protection, and configuring DLP policies across Microsoft 365. These labs equip you with real-world skills to secure data and meet tomorrow’s challenges.
Don’t miss your chance to be part of Microsoft Ignite. Register today to secure your spot, connect with the global security community, and get hands-on with the latest innovations. Join us in San Francisco or online—your journey to stronger security starts here. Conference passes are limited—use RSVP code ATXTJ77W to secure your spot. Once capacity is reached, we will no longer be able to accept registrations. Your RSVP code expires October 20—register today.
Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll pirate” by the industry. Storm-2657 is actively targeting a range of US-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday.
In a campaign observed in the first half of 2025, we identified the actor specifically targeting Workday profiles. However, it’s important to note that any SaaS system storing HR, payment, or bank account information could be targeted with the same technique. These attacks don’t represent any vulnerability in the Workday platform or products; rather, they are financially motivated threat actors using sophisticated social engineering and taking advantage of accounts that either have no multifactor authentication (MFA) at all or use MFA that is not phishing-resistant. Workday has published guidance for their customers in their community, and we thank Workday for their partnership and support in helping to raise awareness on how to mitigate this threat.
Microsoft has identified and reached out to some of the affected customers to share tactics, techniques, and procedures (TTPs) and assist with mitigation efforts. In this blog, we present our analysis of Storm-2657’s recent campaign and the TTPs employed in attacks. We offer comprehensive guidance for investigation and remediation, including implementing phishing-resistant MFA to help block these attacks and protect user accounts. Additionally, we provide comprehensive detections and hunting queries to enable organizations to defend against this attack and disrupt threat actor activity.
Analysis of the campaign
In the observed campaign, the threat actor gained initial access through phishing emails that led victims to adversary-in-the-middle (AiTM) phishing pages, which capture the credentials and MFA codes the victim enters and relay them to the legitimate sign-in flow. After obtaining valid credentials and MFA codes in this way, the threat actor was able to gain unauthorized access to the victims’ Exchange Online mailboxes and later hijacked and modified their Workday profiles.
After gaining access to compromised employee accounts, the threat actor created inbox rules to delete incoming warning notification emails from Workday, hiding the actor’s changes to the HR profiles. Storm-2657 then stealthily moved on to modify the employee’s salary payment configuration in their HR profile, thereby redirecting future salary payments to accounts under the actor’s control, causing financial harm to their victims. While the following example illustrates the attack flow as observed in Workday environments, it’s important to note that similar techniques could be leveraged against any payroll provider or SaaS platform.
Figure 1. Attack flow of threat actor activity in a real incident
Initial access
The threat actor used realistic phishing emails, targeting accounts at multiple universities, to harvest credentials. Since March 2025, we’ve observed 11 successfully compromised accounts at three universities that were used to send phishing emails to nearly 6,000 email accounts across 25 universities.
Some phishing emails contained Google Docs links, making detection challenging, as these are common in academic environments. In multiple instances, compromised accounts did not have MFA enabled. In other cases, users were tricked into disclosing MFA codes via AiTM phishing links distributed through email. Following the compromise of email accounts and the payroll modifications in Workday, the threat actor leveraged newly accessed accounts to distribute further phishing emails, both within the organization and externally to other universities.
The threat actor used several themes in their phishing emails. One common theme involved messages about illnesses or outbreaks on campus, suggesting that recipients might have been exposed. These emails included a link to a Google Docs page that then redirected to an attacker-controlled domain.
Some examples of the email subject lines are:
COVID-Like Case Reported — Check Your Contact Status
Confirmed Case of Communicable Illness
Confirmed Illness
In one instance, a phishing email was sent to 500 individuals within a single organization, encouraging targets to check their illness exposure status. Approximately 10% of recipients reported the email as a suspected phishing attempt.
Figure 2. Sample of a phishing email sent by the threat actor with illness exposure related theme
The second theme involved reports of misconduct or actions by individuals within the faculty, with the goal of tricking recipients into checking the link to determine if they are mentioned in the report.
The most recently identified theme involved phishing emails impersonating a legitimate university or an entity associated with a university. To make their messages appear convincing, Storm-2657 tailored the content based on the recipient’s institution. Examples included messages that appear to be official communications from the university president, information about compensation and benefits, or documents shared by HR with recipients. Most of the time the subject line contained either the university name or the university’s president name, further enhancing the email’s legitimacy and appeal to the intended target.
Some examples of the subject lines are:
Please find the document forwarded by the HR Department for your review
[UNIVERSITY NAME] 2025 Compensation and Benefits Update
A document authored by [UNIVERSITY PRESIDENT NAME] has been shared for your examination.
Figure 3. Sample of a phishing email sent by the threat actor with HR related theme
Defense evasion
Following account compromise, the threat actor created a generic inbox rule to hide or delete any incoming warning notification emails from the organization’s Workday email service. This rule ensured that the victim would not see the notification emails from Workday about the payroll changes made by the threat actor, thereby minimizing the likelihood of detection by the victim. In some cases, the threat actor might have attempted to stay under the radar and hide their traces from potential reviews by creating rule names solely using special characters or non-alphabetic symbols like “....” or “''''”.
Figure 4. An example of inbox rule creation to delete all incoming emails from Workday portal captured through Microsoft Defender for Cloud Apps
Persistence
In observed cases, the threat actor established persistence by enrolling their own phone numbers as MFA devices for victim accounts, either through Workday profiles or Duo MFA settings. By doing so, they bypassed the need for further MFA approval from the legitimate user, enabling continued access without detection.
Impact
The threat actor subsequently accessed Workday through single sign-on (SSO) and changed the victim’s payroll/bank account information.
With the Workday connector enabled in Microsoft Defender for Cloud Apps, analysts can efficiently investigate and identify attack traces by examining Workday logs and Defender-recorded actions. There are multiple indicators available to help pinpoint these changes. For example, one indicator from the Workday logs generated by such threat actor changes is an event called “Change My Account” or “Manage Payment Elections”, depending on the type of modifications performed in the Workday application audit logs:
Figure 5. Example of payment modification audit log as captured through Microsoft Defender for Cloud Apps
These payroll modifications are frequently accompanied by notification emails informing users that payroll or bank details have been changed or updated. As previously discussed, threat actors might attempt to eliminate these messages either through manual deletion or by establishing inbox rules. These deletions can be identified by monitoring Exchange Online events such as SoftDelete, HardDelete, and MoveToDeletedItems. The subjects of these emails typically contain the following terms:
“Payment Elections”
“Payment Election”
“Direct Deposit”
Microsoft Defender for Cloud Apps correlates signals from both Microsoft Exchange Online (first-party SaaS application) and Workday (third-party SaaS application), enabling thorough detection of suspicious activities that span multiple systems, as seen in the image below. Only by correlating first-party and third-party signals is it possible to detect this activity spanning multiple systems.
Figure 6. Example of audit logs captured through Microsoft Defender for Cloud Apps showcasing an inbox rule creation in Microsoft Exchange Online followed by payroll account modification in Workday
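The cross-system correlation described above, applied in Python to a handful of constructed CloudAppEvents-style records (an added example, not code from the blog or from Microsoft Defender for Cloud Apps): it flags inbox rules that delete or file mail from @myworkday.com, notes rule names made only of symbols, and links each such rule to later Workday payment-election changes and device enrollments for the same account. The field names mirror the hunting queries later in the post; the sample events, the severity scale and the seven-day window are assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample records shaped like CloudAppEvents rows (Timestamp, Application,
# ActionType, AccountUpn, RawEventData). Every value here is made up for the example.
EVENTS = [
    {"Timestamp": "2025-04-02T08:10:00", "Application": "Microsoft Exchange Online",
     "ActionType": "New-InboxRule", "AccountUpn": "jdoe@university.example",
     "RawEventData": {"Parameters": [
         {"Name": "Name", "Value": "...."},                       # symbol-only rule name
         {"Name": "From", "Value": "university@myworkday.com"},   # Workday notifications
         {"Name": "DeleteMessage", "Value": "True"}]}},           # hide them
    {"Timestamp": "2025-04-02T08:25:00", "Application": "Workday",
     "ActionType": "Add iOS Device", "AccountUpn": "jdoe@university.example",
     "RawEventData": {"target": {"descriptor": "iPhone (constructed)"}}},
    {"Timestamp": "2025-04-02T08:40:00", "Application": "Workday",
     "ActionType": "Manage Payment Elections", "AccountUpn": "jdoe@university.example",
     "RawEventData": {"target": {"descriptor": "Payment Elections: Jane Doe"}}},
    # Benign control: a rule filing vendor newsletters, and a payroll change with no hiding rule.
    {"Timestamp": "2025-04-02T09:00:00", "Application": "Microsoft Exchange Online",
     "ActionType": "New-InboxRule", "AccountUpn": "asmith@university.example",
     "RawEventData": {"Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "From", "Value": "news@vendor.example"},
         {"Name": "MoveToFolder", "Value": "Reading"}]}},
    {"Timestamp": "2025-04-03T10:00:00", "Application": "Workday",
     "ActionType": "Manage Payment Elections", "AccountUpn": "asmith@university.example",
     "RawEventData": {"target": {"descriptor": "Payment Elections: Alex Smith"}}},
]

RULE_ACTIONS = {"New-InboxRule", "Set-InboxRule"}
HIDING_PARAMS = {"DeleteMessage", "MoveToFolder"}          # delete, or file out of sight
PAYROLL_ACTIONS = {"Change My Account", "Manage Payment Elections"}
DEVICE_ACTIONS = {"Add iOS Device", "Add Android Device"}


def params_to_dict(raw_event_data):
    """Flatten the [{Name, Value}, ...] parameter array of an inbox-rule event."""
    return {p["Name"]: p["Value"] for p in raw_event_data.get("Parameters", [])}


def is_obfuscated_name(name):
    """True for rule names built only from punctuation or symbols, e.g. '....' or \"''''\"."""
    return bool(name) and re.search(r"[A-Za-z0-9]", name) is None


def is_workday_hiding_rule(event):
    """Inbox rule that targets mail from @myworkday.com and deletes or files it away."""
    if event["Application"] != "Microsoft Exchange Online" or event["ActionType"] not in RULE_ACTIONS:
        return False
    params = params_to_dict(event["RawEventData"])
    targets_workday = "@myworkday.com" in params.get("From", "").lower()
    return targets_workday and any(k in params for k in HIDING_PARAMS)


@dataclass
class Finding:
    account: str
    rule_time: datetime
    rule_name: str
    obfuscated_name: bool
    device_adds: list = field(default_factory=list)
    payroll_changes: list = field(default_factory=list)

    @property
    def severity(self):
        # Assumed scale: hiding rule followed by a payroll change is the confirmed pattern.
        if self.payroll_changes:
            return "high"
        if self.device_adds or self.obfuscated_name:
            return "medium"
        return "low"


def correlate(events, window=timedelta(days=7)):
    """For each Workday-hiding inbox rule, collect later Workday changes by the same account."""
    by_account = {}
    for e in events:
        by_account.setdefault(e["AccountUpn"], []).append(e)
    findings = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["Timestamp"])
        for rule in evs:
            if not is_workday_hiding_rule(rule):
                continue
            t0 = datetime.fromisoformat(rule["Timestamp"])
            name = params_to_dict(rule["RawEventData"]).get("Name", "")
            f = Finding(account, t0, name, is_obfuscated_name(name))
            for later in evs:
                t = datetime.fromisoformat(later["Timestamp"])
                if later["Application"] != "Workday" or not (t0 <= t <= t0 + window):
                    continue
                desc = later["RawEventData"].get("target", {}).get("descriptor", "")
                if later["ActionType"] in PAYROLL_ACTIONS:
                    f.payroll_changes.append((later["ActionType"], desc))
                elif later["ActionType"] in DEVICE_ACTIONS:
                    f.device_adds.append((later["ActionType"], desc))
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f"{f.severity.upper()} {f.account}: rule {f.rule_name!r} at {f.rule_time}, "
              f"devices={f.device_adds}, payroll={f.payroll_changes}")
```

A payroll change with no preceding hiding rule (the second account) is deliberately not flagged here; the Workday-only query later in the post covers that case on its own.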
Mitigation and protection guidance
Mitigating threats from actors like Storm-2657 begins with securing user identity by eliminating traditional credentials and adopting passwordless, phishing-resistant MFA methods such as FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passkeys.
If Microsoft Defender alerts indicate suspicious activity or a confirmed compromised account or system, it’s essential to act quickly and thoroughly. Below are recommended remediation steps for each affected identity:
Reset credentials – Immediately reset the account’s password and revoke any active sessions or tokens. This ensures that any stolen credentials can no longer be used.
Re-register or remove MFA devices – Review users’ MFA devices, specifically those recently added or updated.
Revert unauthorized payroll or financial changes – If the attacker modified payroll or financial configurations, such as direct deposit details, revert them to their original state and notify the appropriate internal teams.
Remove malicious inbox rules – Attackers often create inbox rules to hide their activity or forward sensitive data. Review and delete any suspicious or unauthorized rules.
Verify MFA reconfiguration – Confirm that the user has successfully reconfigured MFA and that the new setup uses secure, phishing-resistant methods.
Microsoft Defender XDR detections
Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Tactic: Initial access
Observed activity: Threat actor gains access to account through phishing
Microsoft Defender coverage:
Microsoft Defender for Office 365: Email messages removed after delivery; Email reported by user as malware or phish
Microsoft Defender XDR: Compromised user account in a recognized attack pattern; Anonymous IP address
Tactic: Defense evasion
Observed activity: Threat actor creates an inbox rule to delete incoming emails from Workday
Microsoft Defender coverage:
Microsoft Defender for Cloud Apps: Possible BEC-related inbox rule; Suspicious inbox manipulation rule; Suspicious Workday inbox rule creation followed by a Workday session; Malicious inbox rule manipulation possibly related to BEC payroll fraud attempt
Tactic: Impact
Observed activity: Threat actor gains access to victim’s Workday profile and modifies payroll elections
Microsoft Defender coverage:
Microsoft Defender for Cloud Apps: Suspicious payroll configuration user activity in Workday
Hunting queries
Microsoft Defender XDR
The Microsoft Defender for Cloud Apps connector for Workday includes write events such as Workday account updates, payroll configuration changes, and so on. These are available in the Defender XDR CloudAppEvents hunting tables for further investigation. Important events related to this attack include, but are not limited to:
Review inbox rules created to hide or delete incoming emails from Workday
Results of the following query may indicate an attacker is trying to delete evidence of Workday activity.
CloudAppEvents
| where Timestamp >= ago(1d)
| where Application == "Microsoft Exchange Online" and ActionType in ("New-InboxRule", "Set-InboxRule")
| extend Parameters = RawEventData.Parameters // extract inbox rule parameters
| where Parameters has "From" and Parameters has "@myworkday.com" // filter for inbox rule with From field and @MyWorkday.com in the parameters
| where Parameters has "DeleteMessage" or Parameters has "MoveToFolder" // email deletion or move to folder (hiding)
| mv-apply Param = Parameters on (
    // pull the From and Name values out of the parameter array in a single pass;
    // two consecutive mv-apply calls would leave nothing for the second one to match
    summarize RuleFrom = take_anyif(tostring(Param.Value), Param.Name == "From"),
              RuleName = take_anyif(tostring(Param.Value), Param.Name == "Name")
  )
Review updates to payment election or bank account information in Workday
The following query surfaces changes to payment accounts in Workday.
CloudAppEvents
| where Timestamp >= ago(1d)
| where Application == "Workday"
| where ActionType == "Change My Account" or ActionType == "Manage Payment Elections"
| extend Descriptor = tostring(RawEventData.target.descriptor)
Review device additions in Workday
The following query looks for recent device additions in Workday. If the device is unknown, it may indicate an attacker joined their own device for persistence and MFA evasion.
CloudAppEvents
| where Timestamp >= ago(1d)
| where Application == "Workday"
| where ActionType has "Add iOS Device" or ActionType has "Add Android Device"
| extend Descriptor = tostring(RawEventData.target.descriptor) // will contain information of the device
Hunt for bulk suspicious emails from .edu sender
The following query identifies email from .edu senders sent to a high number of users.
EmailEvents
| where Timestamp >= ago(7d)
| where SenderFromDomain has "edu" or SenderMailFromDomain has "edu"
| where EmailDirection == "Inbound"
| summarize dcount(RecipientEmailAddress), dcount(InternetMessageId), make_set(InternetMessageId), dcount(Subject), dcount(NetworkMessageId), take_any(NetworkMessageId) by bin(Timestamp,1d), SenderFromAddress
| where dcount_RecipientEmailAddress > 100 // number can be adjusted, usually the sender will send emails to around 100-600 recipients per day
Hunt for phishing URL from identified .edu phish sender
If a suspicious .edu sender has been identified, use the following query to surface email events from this sender address.
EmailEvents
| where Timestamp >= ago(1d)
| where SenderFromAddress == ""
| where EmailDirection == "Inbound"
| project NetworkMessageId, Subject, InternetMessageId
| join EmailUrlInfo on NetworkMessageId
| where Timestamp >= ago(1d)
| project Url, NetworkMessageId, Subject, InternetMessageId
Hunt for user clicks to suspicious URL from the identified .edu phish sender (previous query)
If a suspicious .edu sender has been identified, use the below query to surface user clicks that may indicate a malicious link was accessed.
EmailEvents
| where Timestamp >= ago(1d)
| where SenderFromAddress == ""
| where EmailDirection == "Inbound"
| project NetworkMessageId, Subject, InternetMessageId
| join UrlClickEvents on NetworkMessageId
| where Timestamp >= ago(1d)
| project AccountUpn, Subject, InternetMessageId, DetectionMethods, ThreatTypes, IsClickedThrough // these users very likely fall into the phishing attack
Microsoft Sentinel
Install the Workday connector for Microsoft Sentinel. Microsoft Sentinel has a range of detection and threat hunting content that customers can use to detect the post-exploitation activity detailed in this blog.
Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace.
Malicious inbox rule
The query includes filters specific to inbox rule creation, operations for messages with ‘DeleteMessage’, and suspicious keywords.
let Keywords = dynamic(["helpdesk", " alert", " suspicious", "fake", "malicious", "phishing", "spam", "do not click", "do not open", "hijacked", "Fatal"]);
OfficeActivity
| where OfficeWorkload =~ "Exchange"
| where Operation =~ "New-InboxRule" and (ResultStatus =~ "True" or ResultStatus =~ "Succeeded")
| where Parameters has "Deleted Items" or Parameters has "Junk Email" or Parameters has "DeleteMessage"
| extend Events=todynamic(Parameters)
| parse Events with * "SubjectContainsWords" SubjectContainsWords '}'*
| parse Events with * "BodyContainsWords" BodyContainsWords '}'*
| parse Events with * "SubjectOrBodyContainsWords" SubjectOrBodyContainsWords '}'*
| where SubjectContainsWords has_any (Keywords)
or BodyContainsWords has_any (Keywords)
or SubjectOrBodyContainsWords has_any (Keywords)
| extend ClientIPAddress = case( ClientIP has ".", tostring(split(ClientIP,":")[0]), ClientIP has "[", tostring(trim_start(@'[[]',tostring(split(ClientIP,"]")[0]))), ClientIP )
| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))
| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\')[-1]))
| summarize count(), StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) by Operation, UserId, ClientIPAddress, ResultStatus, Keyword, OriginatingServer, OfficeObjectId, RuleDetail
| extend AccountName = tostring(split(UserId, "@")[0]), AccountUPNSuffix = tostring(split(UserId, "@")[1])
| extend OriginatingServerName = tostring(split(OriginatingServer, " ")[0])
Risky sign-in with new MFA method
This query identifies scenarios of risky sign-ins tied to new MFA methods being added.
let mfaMethodAdded=CloudAppEvents
| where ActionType =~ "Update user."
| where RawEventData has "StrongAuthenticationPhoneAppDetail"
| where isnotempty(RawEventData.ObjectId) and isnotempty(RawEventData.Target[1].ID)
| extend AccountUpn = tostring(RawEventData.ObjectId)
| extend AccountObjectId = tostring(RawEventData.Target[1].ID)
| project MfaAddedTimestamp=Timestamp,AccountUpn,AccountObjectId;
let usersWithNewMFAMethod=mfaMethodAdded
| distinct AccountObjectId;
let hasusersWithNewMFAMethod = isnotempty(toscalar(usersWithNewMFAMethod));
let riskySignins=AADSignInEventsBeta
| where hasusersWithNewMFAMethod
| where AccountObjectId in (usersWithNewMFAMethod)
| where RiskLevelDuringSignIn in ("50","100") //Medium and High sign-in risk level.
| where Application in ("Office 365 Exchange Online", "OfficeHome")
| where isnotempty(SessionId)
| project SignInTimestamp=Timestamp, Application, SessionId, AccountObjectId, IPAddress,RiskLevelDuringSignIn
| summarize SignInTimestamp=arg_min(SignInTimestamp,*) by Application,SessionId, AccountObjectId, IPAddress,RiskLevelDuringSignIn;
mfaMethodAdded
| join riskySignins on AccountObjectId
| extend TimeFromSignInToMfaAdd = MfaAddedTimestamp - SignInTimestamp
| where TimeFromSignInToMfaAdd >= 0s // MFA method added after the risky sign-in; narrow this window to fit your environment
Microsoft Security Copilot
Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:
Incident investigation
Microsoft User analysis
Threat actor profile
Threat Intelligence 360 report based on MDTI article
Vulnerability impact assessment
Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.
Acknowledgments
We would like to thank Workday for their collaboration and assistance in responding to this threat.
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
The extensive collaboration features and global adoption of Microsoft Teams make it a high-value target for both cybercriminals and state-sponsored actors. Threat actors abuse its core capabilities – messaging (chat), calls and meetings, and video-based screen-sharing – at different points along the attack chain. This raises the stakes for defenders to proactively monitor, detect, and respond.
While under Microsoft’s Secure Future Initiative (SFI), default security has been strengthened by design, defenders still need to make the most out of customer-facing security capabilities. Therefore, this blog recommends countermeasures and controls across the identity, endpoint, data, app, and network layers to help harden enterprise Teams environments. To frame these defenses, we first examine relevant stages of the attack chain. This guidance complements, but doesn’t repeat, the guidance built into the Microsoft Security Development Lifecycle (SDL) as outlined in the Teams Security Guide; we will instead focus on guidance for disrupting adversarial objectives based on the relatively recently observed attempts to exploit Teams infrastructure and capabilities.
Attack chain
Figure 1. Attack techniques that abuse Teams along the attack chain
Reconnaissance
Every Teams user account is backed by a Microsoft Entra ID identity. Each team member is an Entra ID object, and a team is a collection of channel objects. Teams may be configured for the cloud or a hybrid environment and supports multi-tenant organizations (MTO) and cross-tenant communication and collaboration. There are anonymous participants, guests, and external access users. From an API perspective, Teams is an object type that can be queried and stored in a local database for reconnaissance by enumerating directory objects, and mapping relationships and privileges. For example, federation tenant configuration indicates whether the tenant allows external communication and can be inferred from the API response queries reflecting the effective tenant federation policy.
While not unique to Teams, there are open-source frameworks that can specifically be leveraged to enumerate less secure users, groups, and tenants in Teams (mostly by repurposing the Microsoft Graph API or gathering DNS), including ROADtools, TeamFiltration, TeamsEnum, and MSFT-Recon-RS. These tools facilitate enumerating teams, members of teams and channels, tenant IDs and enabled domains, as well as permissiveness for communicating with external organizations and other properties, like presence. Presence indicates a user’s current availability and status outside the organization if Privacy mode is not enabled, which could then be exploited if the admin has not disabled external meetings and chat with people and organizations outside the organization (or at least limited it to specified external domains).
Many open-source tools are modular Python packages including reusable libraries and classes that can be directly imported or extended to support custom classes, meaning they are also interoperable with other custom open-source reconnaissance and discovery frameworks designed to identify potential misconfigurations.
Resource development
Microsoft continuously enhances protections against fraudulent Microsoft Entra ID Workforce tenants and the abuse of free tenants and trial subscriptions. As these defenses grow stronger, threat actors are forced to invest significantly more resources in their attempts to impersonate trusted users, demonstrating the effectiveness of our layered security approach. This includes threat actors trying to compromise weakly configured legitimate tenants, or even purchasing legitimate ones if they have confidence they could ultimately profit. It should come as no surprise that if they can build a persona for social engineering, they will take advantage of the same resources as legitimate organizations, including custom domains and branding, especially if it can lend credibility to impersonating internal help desk, admin, or IT support, which could then be used as a convincing pretext to compromise targets through chat messaging and phone calls. Sophisticated threat actors try to use the very same resources used by trustworthy organizations, such as acquiring multiple tenants for staging development or running separate operations across regions, and using everyday Teams features like scheduling private meetings through chat, and audio, video and screen-sharing capabilities for productivity.
Initial access
Tech support scams remain a generally popular pretext for delivery of malicious remote monitoring and management (RMM) tools and information-stealing malware, leading to credential theft, extortion, and ransomware. There are always new variants to bypass security awareness defenses, such as the rise in email bombing to create a sense of stress and urgency to restore normalcy. In 2024, for instance, Storm-1811 impersonated tech support, claiming to be addressing junk email issues that it had initiated. It used RMM tools to deliver the ReedBed malware loader, which in turn delivered ransomware payloads and enabled remote command execution. Meanwhile, Midnight Blizzard has successfully impersonated security and technical support teams to get targets to verify their identities under the pretext of protecting their accounts by entering authentication codes that complete the authentication flow for breaking into the accounts.
Similarly in May, Sophos identified a 3AM ransomware (believed to be a rebranding of BlackSuit) affiliate adopting techniques from Storm-1811, including flooding employees with unwanted emails followed by voice and video calls on Teams impersonating help desk personnel, claiming they needed remote access to stop the flood of junk emails. The threat actor reportedly spoofed the IT organization’s phone number.
With threat actors leveraging deepfakes, perceived authority helps make this kind of social engineering even more effective. Threat actors seeking to spoof automated workflow notifications and interactions can naturally extend to spoofing legitimate bots and agents as they gain more traction, as threat actors are turning to language models to facilitate their objectives.
Prevalent threat actors associated with ransomware campaigns, including the access broker tracked as Storm-1674 have used sophisticated red teaming tools, like TeamsPhisher, to distribute DarkGate malware and other malicious payloads over Teams. In December 2024, for example, Trend Micro reported an incident in which a threat actor impersonated a client during a Teams call to persuade a target to install AnyDesk. Remote access was reportedly then used also to deploy DarkGate. Threat actors may also just use Teams to gain initial access through drive-by-compromise activity to direct users to malicious websites.
Widely available admin tools, including AADInternals, could be leveraged to deliver malicious links and payloads directly into Teams. Teams branding (like any communications brand asset) makes for effective bait, and has been used by adversary-in-the-middle (AiTM) actors like Storm-00485. Threat actors could place malicious advertisements in search results for a spoofed app like Teams to misdirect users to a download site hosting credential-stealing malware. In July 2025, for instance, Malwarebytes reported observing a malvertising campaign delivering credential-stealing malware through a fake Microsoft Teams for Mac installer.
Whether it is a core app that is part of Teams, an app created by Microsoft, a partner app validated by Microsoft, or a custom app created by your own organization—no matter how secure an app—they could still be spoofed to gain a foothold in a network. And similar to leveraging a trusted brand like Teams, threat actors will also continue to try and take advantage of trusted relationships as well to gain Teams access, whether leveraging an account with access or abusing delegated administrator relationships to reach a target environment.
Persistence
Threat actors employ a variety of persistence techniques to maintain access to target systems—even after defenders attempt to regain control. These methods include abusing shortcuts in the Startup folder to execute malicious tools, or exploiting accessibility features like Sticky Keys (as seen in this ransomware case study). Threat actors could try to create guest users in target tenants or add their own credentials to a Teams account to maintain access.
Part of the reason device code phishing has been used to access target accounts is that it could enable persistent access for as long as the tokens remain valid. In February, Microsoft reported that Storm-2372 had been capturing authentication tokens by exploiting device code authentication flows, partially by masquerading as Microsoft Teams meeting invitations and initiating Teams chats to build rapport, so that when the targets were prompted to authenticate, they would use Storm-2372-generated device codes, enabling Storm-2372 to steal the authenticated sessions from the valid access tokens.
Teams phishing lures themselves can sometimes be a disguised attempt to help threat actors maintain persistence. For example, in July 2025, the financially motivated Storm-0324 most likely relied on TeamsPhisher to send Teams phishing lures to deliver a custom malware JSSloader for the ransomware operator Sangria Tempest to use as an access vector to maintain a foothold.
Execution
Apart from admin accounts, which are an attractive target because they come with elevated privileges, threat actors try and trick everyday Teams users into clicking links or opening files that lead to malicious code execution, just like through email.
Privilege escalation
If threat actors successfully compromise accounts or register actor-controlled devices, they often try to change permission groups to escalate privileges. If a threat actor successfully compromises a Teams admin role, this could lead to abuse of the permissions to use the admin tools that belong to that role.
Credential access
With a valid refresh token, actors can impersonate users through Teams APIs. There is no shortage of administrator tools that can be maliciously repurposed, such as AADInternals, to intercept access to tokens with custom phishing flows. Tools like TeamFiltration could be leveraged just like for any other Microsoft 365 service for targeting Teams. If credentials are compromised through password spraying, threat actors use tools like this to request OAuth tokens for Teams and other services. Threat actors continue to try and bypass multifactor authentication (MFA) by repeatedly generating authentication prompts until someone accepts by mistake, and try to compromise MFA by adding alternate phone numbers or intercepting SMS-based codes.
For instance, the financially motivated threat actor Octo Tempest uses aggressive social engineering, including over Teams, to take control of MFA for privileged accounts. They consistently socially engineer help desk personnel, targeting federated identity providers using tools like AADInternals to federate existing domains, or spoof legitimate domains by adding and then federating new domains to forge tokens.
Discovery
To refine targeting, threat actors analyze Teams configuration data from API responses, enumerate Teams apps if they obtain unauthorized access, and search for valuable files and directories by leveraging toolkits for contextualizing potential attack paths. For instance, Void Blizzard has used AzureHound to enumerate a compromised organization’s Microsoft Entra ID configuration and gather details on users, roles, groups, applications, and devices. In a small number of compromises, the threat actor accessed Teams conversations and messages through the web client. AADInternals can also be used to discover Teams group structures and permissions.
The state-sponsored actor Peach Sandstorm has delivered malicious ZIP files through Teams, then used AD Explorer to take snapshots of on-premises Active Directory database and related files.
Lateral movement
A threat actor that manages to obtain Teams admin access (whether directly or indirectly by purchasing an admin account through a rogue online marketplace) could potentially leverage external communication settings and enable trust relationships between organizations to move laterally. In late 2024, in a campaign dubbed VEILDrive by Hunters’ Team AXON, the financially motivated cybercriminal threat actors Sangria Tempest and Storm-1674 used previously compromised accounts to impersonate IT personnel and convince a user in another organization through Teams to accept a chat request and grant access through a remote connection.
Collection
Threat actors often target Teams to try and collect information from it that could help them to accomplish their objectives, such as to discover collaboration channels or high-privileged accounts. They could try to mine Teams for any information perceived as useful in furtherance of their objectives, including pivoting from a compromised account to data accessible to that user from OneDrive or SharePoint. AADInternals can be used to collect sensitive chat data and user profiles. Post-compromise, GraphRunner can leverage the Microsoft Graph API to search all chats and channels and export Teams conversations.
Command and control
Threat actors attempt to deliver malware through file attachments in Teams chats or channels. A cracked version of Brute Ratel C4 (BRc4) includes features to establish C2 channels with platforms like Microsoft Teams by using their communications protocols to send and receive commands and data.
Post-compromise, threat actors can use red teaming tool ConvoC2 to send commands through Microsoft Teams messages using the Adaptive Card framework to embed data in hidden span tags and then exfiltrate using webhooks. But threat actors can also use legitimate remote access tools to try and establish interactive C2 through Teams.
Exfiltration
Threat actors may use Teams messages or shared links to direct data exfiltration to cloud storage under their control. Tools like TeamFiltration include an exfiltration module that rely on a valid access token to then extract recent contacts and download chats and files through OneDrive or SharePoint.
Impact
Threat actors try to use Teams messages to support financial theft through extortion, social engineering, or technical means.
Octo Tempest has used communication apps, including Teams, to send taunting and threatening messages to organizations, defenders, and incident response teams as part of extortion and ransomware payment pressure tactics. After gaining control of MFA through social engineering password resets, they sign in to Teams to identify sensitive information supporting their financially motivated operations.
Configure just-in-time access to privileged roles. Use Microsoft Entra Privileged Identity Management (PIM) (preview) to provide as-needed and just-in-time access to Microsoft 365 roles to reduce standing privileges and limit exposure.
Harden endpoint security
Use configuration analyzer to strengthen security posture. Identify and remediate security policies that are less secure than the Standard or Strict protection profiles in preset security policies.
Keep Teams clients, browsers, OS, and dependencies updated.
Enable cloud-delivered protection in Defender Antivirus. Cloud-delivered protection enables sharing detection status between Microsoft 365 and Defender for Endpoint. Real-time protection blocking, including on-access scanning, is not available when Defender Antivirus is running only in passive mode. You can turn on endpoint detection and response (EDR) in block mode even if Defender Antivirus isn’t your primary antivirus solution. EDR in block mode detects and remediates malicious items on the device post-breach.
Protect security settings from being disabled or changed with tamper protection.
If your organization uses another remote support tool such as Remote Help, disable or remove Quick Assist if it isn’t used within your environment.
Understand and use attack surface reduction capabilities in your environment to prevent common techniques used in combination with Teams threat activity as part of your first line of defense.
Manage call settings in Teams. Inbound calls originating from the Public Switched Telephone Network (PSTN) on a tenant global level can be blocked.
Use meeting and event policies to control the features that are available to organizers and participants.
Use the Teams admin center or PowerShell to require anonymous users and people from untrusted organizations to complete a verification check before joining the meeting.
Manage who can present and request control so that, by default, external users cannot automatically request control of a shared window or screen without a business justification.
Specify which types of external meetings and chat to allow and which users should have access to these features. You can change the default setting to limit external access to only allowed domains or block specific domains and subdomains. By blocking external communication with trial-only tenants, users that do not have any purchased seats are not able to search and contact your users via chat, Teams calls, and meetings.
You can prevent users that are not managed by an organization from starting conversations or prevent chat with them. If you choose to allow anonymous users in your environment, you can verify their identities by email code to join meetings (Premium).
Monitor Teams activities using activity policies in Defender for Cloud Apps. If external users are enabled, you can monitor their presence. Defender for Cloud Apps integrates directly with Microsoft 365 audit logs. Office 365 Cloud Apps Security has access to the features of Defender for Cloud Apps to support the Office 365 app connector.
Specify which users and groups can use Microsoft Teams apps or a copilot agent and control it on a per-app basis. You can change the default setting, which lets users install apps. Evaluate the compliance, security, and data handling information of an app, and understand the permissions requested by the app, before you allow it to be used.
Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services. For heightened confidentiality, you can also use end-to-end encryption in advanced meeting protection that is available with the Teams Premium add-on license. This encrypts audio, video, and video-based screen sharing at its origin and decrypts it at its destination.
Get started using attack simulation training. The Teams attack simulation training is currently in private preview. Build organizational resilience by raising awareness of QR code phishing, deepfakes including voice, and about protecting your organization from tech support and ClickFix scams.
Train developers to follow best practices when working with the Microsoft Graph API. Apply these practices when detecting, defending against, and responding to malicious techniques targeting Teams.
Learn more about some of the frequent initial access threats impacting SharePoint servers. SharePoint is a front end for Microsoft Teams and an attractive target.
Configure detection and response
Verify the auditing status of your organization in Microsoft Purview to make sure you can investigate incidents. In Threat Explorer, Content malware includes files detected by Safe Attachments for Teams, and URL clicks include all user clicks in Teams.
If user reporting of messages is turned on in the Teams admin center, it also needs to be turned on in the Defender portal. We encourage you to submit user reported Teams messages to Microsoft here.
Refer to the table listing the Microsoft Teams activities logged in the Microsoft 365 audit log. With the Office 365 Management Activity API, you can retrieve information about user, admin, system, and policy actions and events including from Entra activity logs.
Familiarize yourself with relevant advanced hunting schema and available tables.
Advanced hunting supports guided and advanced modes. You can use the advanced hunting queries in the advanced hunting section to hunt with these tables for Teams-related threats.
Several tables covering Teams-related threats are available in preview and populated by Defender for Office 365, including MessageEvents, MessagePostDeliveryEvents, MessageUrlInfo, and UrlClickEvents. These tables provide visibility into ZAP events and URLs in Teams messages, including allowed or blocked URL clicks in Teams clients. You can join these tables with others to gain more comprehensive insight into the progression of the attack chain and end-to-end threat activity.
Connect Microsoft 365 to Microsoft Defender for Cloud Apps.
To hunt for Teams messages without URLs, use the CloudAppEvents table, populated by Defender for Cloud Apps. This table also includes chat monitoring events, meeting and Teams call tracking, and behavioral analytics. To make sure advanced hunting tables are populated by Defender for Cloud Apps data, go to the Defender portal and select Settings > Cloud apps > App connectors. Then, in the Select Microsoft 365 components page, select the Microsoft 365 activities checkbox. Control Microsoft 365 with built-in policies and policy templates to detect and notify you about potential threats.
Many of the detection types enabled by default apply to Teams and do not require custom policy creation, including sign-ins from geographically distant locations in a short time, access from a country not previously associated with a user, unexpected admin actions, mass downloads, activity from anonymous IP addresses, or from a device flagged as malware-infected by Defender for Endpoint, as well as OAuth app abuse (when app governance is turned on).
Defender for Cloud Apps enables you to identify high-risk use and cloud security issues, detect abnormal user behavior, and prevent threats in your sanctioned cloud apps. You can integrate Defender for Cloud Apps with Microsoft Sentinel (preview) or use the supported APIs.
Refer to the compromised and malicious applications incident response playbook. This playbook includes relevant guidance for identifying and investigating malicious activity on third-party apps installed in Teams, custom apps using the Graph API for Teams, or OAuth abuse involving Teams permissions.
Discover and enable the Microsoft Sentinel data lake in Defender XDR. Sentinel data lake brings together security logs from data sources like Microsoft Defender and Microsoft Sentinel, Microsoft 365, Microsoft Entra ID, Purview, Intune, Microsoft Resource Graph, firewall and network logs, identity and access logs, DNS, plus sources from hundreds of connectors and solutions, including Microsoft Defender Threat Intelligence. Advanced hunting KQL queries can be run directly on the data lake. You can analyze the data using Jupyter notebooks.
Microsoft Defender detections
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Microsoft Defender XDR
The following alerts might indicate threat activity associated with this threat.
Malicious sign in from a risky IP address
Malicious sign in from an unusual user agent
Account compromised following a password-spray attack
Compromised user account identified in Password Spray activity
Successful authentication after password spray attack
Password Spray detected via suspicious Teams client (TeamFiltration)
Microsoft Entra ID Protection
Any type of sign-in and user risk detection might also indicate threat activity associated with this threat. An example is listed below. These alerts, however, can be triggered by unrelated threat activity.
Impossible travel
Anomalous Microsoft Teams login from web client
Microsoft Defender for Endpoint
The following alerts might indicate threat activity associated with this threat.
Suspicious module loaded using Microsoft Teams
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
Suspicious usage of remote management software
Microsoft Defender for Office 365
The following alerts might indicate threat activity associated with this threat.
Malicious link shared in Teams chat
User clicked a malicious link in Teams chat
When Microsoft Defender for Cloud Apps is enabled, the following alert might indicate threat activity associated with this threat.
Potentially Malicious IT Support Teams impersonation post mail bombing
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
A potentially malicious URL click was detected
Possible AiTM phishing attempt
Microsoft Defender for Identity
The following Microsoft Defender for Identity alerts can indicate associated threat activity:
Account enumeration reconnaissance
Suspicious additions to sensitive groups
Account Enumeration reconnaissance (LDAP)
Microsoft Defender for Cloud Apps
The following alerts might indicate threat activity associated with this threat.
Consent granted to application with Microsoft Teams permissions
Risky user installed a suspicious application in Microsoft Teams
Compromised account signed in to Microsoft Teams
Microsoft Teams chat initiated by a suspicious external user
Suspicious Teams access via Graph API
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
Possible mail exfiltration by app
Microsoft Security Copilot
Microsoft Security Copilot customers can use the Copilot in Defender embedded experience to check the impact of this report and get insights based on their environment’s highest exposure level in Threat analytics, Intel profiles, Intel Explorer and Intel projects pages of the Defender portal.
You can also use Copilot in Defender to speed up analysis of suspicious scripts and command lines by inspecting them below the incident graph on an incident page and in the timeline on the Device entity page without using external tools.
Threat intelligence reports
Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.
Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.
Hunting queries
Microsoft Defender XDR
Advanced hunting allows you to view and query all the data sources available within the unified Microsoft Defender portal, which include Microsoft Defender XDR and various Microsoft security services.
After onboarding to the Microsoft Sentinel data lake, auxiliary log tables are no longer available in Microsoft Defender advanced hunting. Instead, you can access them through data lake exploration Kusto Query Language (KQL) queries in the Defender portal. For more information, see KQL queries in the Microsoft Sentinel data lake.
You can design and tweak custom detection rules using the advanced hunting queries and set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. You can also link the generated alert to this report so that it appears in the Related incidents tab in threat analytics. Custom detection rules can automatically take actions on devices, files, users, or emails that are returned by the query. To make sure you’re creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in Manage existing custom detection rules.
Detect potential data exfiltration from Teams
let timeWindow = 1h;
let messageThreshold = 20;
let trustedDomains = dynamic(["trustedpartner.com", "anothertrusted.com"]);
CloudAppEvents
| where Timestamp > ago(1d)
| where ActionType == "MessageSent"
| where Application == "Microsoft Teams"
| where isnotempty(AccountObjectId)
| where tostring(parse_json(RawEventData).ParticipantInfo.HasForeignTenantUsers) == "true"
| where tostring(parse_json(RawEventData).CommunicationType) in ("OneOnOne", "GroupChat")
| extend RecipientDomain = tostring(parse_json(RawEventData).ParticipantInfo.ParticipatingDomains[1])
| where RecipientDomain !in (trustedDomains)
| extend SenderUPN = tostring(parse_json(RawEventData).UserId)
| summarize MessageCount = count() by bin(Timestamp, timeWindow), SenderUPN, RecipientDomain
| where MessageCount > messageThreshold
| project Timestamp, MessageCount, SenderUPN, RecipientDomain
| sort by MessageCount desc
Detect mail bombing that sometimes precedes technical support scams on Microsoft Teams
EmailEvents
| where Timestamp > ago(1d)
| where DetectionMethods contains "Mail bombing"
| project Timestamp, NetworkMessageId, SenderFromAddress, Subject, ReportId
Detect malicious Teams content from MessageEvents
MessageEvents
| where Timestamp > ago(1d)
| where ThreatTypes has "Phish"
or ThreatTypes has "Malware"
or ThreatTypes has "Spam"
| project Timestamp, SenderDisplayName, SenderEmailAddress, RecipientDetails, IsOwnedThread, ThreadType, IsExternalThread, ReportId
Detect communication with external help desk/support representatives
MessageEvents
| where Timestamp > ago(5d)
| where IsExternalThread == true
| where (RecipientDetails contains "help" and RecipientDetails contains "desk")
or (RecipientDetails contains "it" and RecipientDetails contains "support")
or (RecipientDetails contains "working" and RecipientDetails contains "home")
or (SenderDisplayName contains "help" and SenderDisplayName contains "desk")
or (SenderDisplayName contains "it" and SenderDisplayName contains "support")
or (SenderDisplayName contains "working" and SenderDisplayName contains "home")
| project Timestamp, SenderDisplayName, SenderEmailAddress, RecipientDetails, IsOwnedThread, ThreadType
Expand detection of communication with external help desk/support representatives by searching for linked process executions
let portableExecutable = pack_array("binary.exe", "portable.exe");
let timeAgo = ago(30d);
MessageEvents
| where Timestamp > timeAgo
| where IsExternalThread == true
| where (RecipientDetails contains "help" and RecipientDetails contains "desk")
or (RecipientDetails contains "it" and RecipientDetails contains "support")
or (RecipientDetails contains "working" and RecipientDetails contains "home")
| summarize spamEvent = min(Timestamp) by SenderEmailAddress
| join kind=inner (
DeviceProcessEvents
| where Timestamp > timeAgo
| where FileName in (portableExecutable)
) on $left.SenderEmailAddress == $right.InitiatingProcessAccountUpn
| where Timestamp > spamEvent // keep only process executions that started after the first suspicious message
Surface Teams threat activity using Microsoft Security Copilot
Microsoft Security Copilot in Microsoft Defender comes with a query assistant capability in advanced hunting. You can also run the following prompt in Microsoft Security Copilot pane in the Advanced hunting page or by reopening Copilot from the top of the query editor:
Show me recent activity in the last 7 days that matches attack techniques described in the Microsoft Teams technique profile. Include relevant alerts, affected users and devices, and generate advanced hunting queries to investigate further.
Microsoft Sentinel
Possible Teams phishing activity
This query specifically monitors Microsoft Teams for one-on-one chats involving impersonated users (e.g., 'Help Desk', 'Microsoft Security').
let suspiciousUpns = DeviceProcessEvents
| where DeviceId == "alertedMachine" // replace with the DeviceId from the alert being investigated
| where isnotempty(InitiatingProcessAccountUpn)
| project InitiatingProcessAccountUpn = tolower(InitiatingProcessAccountUpn); // lowercase so the later match is case-insensitive
CloudAppEvents
| where Application == "Microsoft Teams"
| where ActionType == "ChatCreated"
| where isempty(AccountObjectId)
| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true
| where RawEventData.CommunicationType == "OneOnOne"
| where RawEventData.ParticipantInfo.HasGuestUsers == false
| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false
| where RawEventData.Members[0].DisplayName in ("Microsoft Security", "Help Desk", "Help Desk Team", "Help Desk IT", "office")
| where AccountId has "@"
| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))
| where TargetUPN in (suspiciousUpns)
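The same two detections (the Teams exfiltration burst query earlier in this section and the Teams phishing query just above) applied outside advanced hunting, to audit records exported through the Office 365 Management Activity API. This is an added example, not code from the original post; the records are constructed, the trusted-domain list is an assumption, and the field names follow the RawEventData fields the KQL queries reference.

```python
"""Apply the page's Teams hunting rules to exported Microsoft 365 audit records.
Added example; audit records below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed allow-list, mirroring trustedDomains in the exfiltration query.
TRUSTED_DOMAINS = {"trustedpartner.com", "anothertrusted.com"}
# Display names from the Sentinel 'Possible Teams phishing activity' query.
IMPERSONATED_NAMES = {"microsoft security", "help desk", "help desk team", "help desk it", "office"}
MESSAGE_THRESHOLD = 20
TIME_WINDOW = timedelta(hours=1)


def _timestamp(rec):
    """CreationTime in audit records is ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(rec["CreationTime"].replace("Z", "+00:00"))


def _bin_start(ts, window):
    """Floor a timestamp to the start of its window, like KQL bin()."""
    seconds = int(window.total_seconds())
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % seconds, tz=timezone.utc)


def external_message_bursts(records, threshold=MESSAGE_THRESHOLD, window=TIME_WINDOW, trusted=TRUSTED_DOMAINS):
    """Mirror of 'Detect potential data exfiltration from Teams': count MessageSent events
    per sender, external recipient domain and time bin; flag bins over the threshold."""
    counts = defaultdict(int)
    for rec in records:
        if rec.get("Operation") != "MessageSent":
            continue
        info = rec.get("ParticipantInfo", {})
        if not info.get("HasForeignTenantUsers"):
            continue
        if rec.get("CommunicationType") not in ("OneOnOne", "GroupChat"):
            continue
        domains = info.get("ParticipatingDomains", [])
        if len(domains) < 2:
            continue
        recipient_domain = domains[1].lower()  # index 1 is the foreign tenant, as in the KQL
        if recipient_domain in trusted:
            continue
        key = (rec.get("UserId", "").lower(), recipient_domain, _bin_start(_timestamp(rec), window))
        counts[key] += 1
    hits = [{"Timestamp": start, "SenderUPN": sender, "RecipientDomain": domain, "MessageCount": n}
            for (sender, domain, start), n in counts.items() if n > threshold]
    return sorted(hits, key=lambda h: h["MessageCount"], reverse=True)


def suspicious_help_desk_chats(records, suspicious_upns):
    """Mirror of 'Possible Teams phishing activity': 1:1 chats created from another tenant
    by an account whose display name impersonates IT or security staff, targeting a user
    also seen on the alerted device (suspicious_upns)."""
    targets = {u.lower() for u in suspicious_upns}
    hits = []
    for rec in records:
        if rec.get("Operation") != "ChatCreated":
            continue
        info = rec.get("ParticipantInfo", {})
        if not info.get("HasForeignTenantUsers") or info.get("HasGuestUsers") or info.get("HasOtherGuestUsers"):
            continue
        if rec.get("CommunicationType") != "OneOnOne":
            continue
        if "@" not in rec.get("UserId", ""):  # mirrors: AccountId has "@"
            continue
        members = rec.get("Members", [])
        if len(members) < 2:
            continue
        creator_name = members[0].get("DisplayName", "").lower()
        target_upn = members[1].get("UPN", "").lower()
        if creator_name in IMPERSONATED_NAMES and target_upn in targets:
            hits.append({"Timestamp": _timestamp(rec), "CreatorDisplayName": members[0].get("DisplayName"),
                         "CreatorUPN": rec["UserId"], "TargetUPN": target_upn})
    return hits


def build_sample_records():
    """Constructed records: a 25-message burst to an untrusted external tenant, a larger
    but trusted-partner exchange, and one impersonating 1:1 chat request."""
    base = datetime(2025, 9, 11, 14, 5, tzinfo=timezone.utc)

    def message(minute, domain, sender="bob@contoso.com"):
        return {"Operation": "MessageSent", "CommunicationType": "OneOnOne", "UserId": sender,
                "CreationTime": (base + timedelta(minutes=minute)).strftime("%Y-%m-%dT%H:%M:%SZ"),
                "ParticipantInfo": {"HasForeignTenantUsers": True,
                                    "ParticipatingDomains": ["contoso.com", domain]}}

    records = [message(i, "external-tenant.example") for i in range(25)]  # 14:05..14:29, one hourly bin
    records += [message(i, "trustedpartner.com") for i in range(30)]      # trusted domain, must be ignored
    records.append({"Operation": "ChatCreated", "CommunicationType": "OneOnOne",
                    "UserId": "support@external-tenant.example",
                    "CreationTime": base.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "ParticipantInfo": {"HasForeignTenantUsers": True, "HasGuestUsers": False,
                                        "HasOtherGuestUsers": False},
                    "Members": [{"DisplayName": "Help Desk", "UPN": "support@external-tenant.example"},
                                {"DisplayName": "Alice", "UPN": "Alice@contoso.com"}]})
    return records


SAMPLE_RECORDS = build_sample_records()

if __name__ == "__main__":
    for hit in external_message_bursts(SAMPLE_RECORDS):
        print("burst:", hit)
    for hit in suspicious_help_desk_chats(SAMPLE_RECORDS, ["alice@contoso.com"]):
        print("impersonation:", hit)
```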
Files uploaded to Teams and access summary
This query identifies files uploaded to Microsoft Teams chat files and their access history, specifically mentioning operations from SharePoint. It allows tracking of potential file collection activity through Teams-related storage.
OfficeActivity
| where RecordType =~ "SharePointFileOperation"
| where Operation =~ "FileUploaded"
| where UserId != "app@sharepoint"
| where SourceRelativeUrl has "Microsoft Teams Chat Files"
| join kind= leftouter (
OfficeActivity
| where RecordType =~ "SharePointFileOperation"
| where Operation =~ "FileDownloaded" or Operation =~ "FileAccessed"
| where UserId != "app@sharepoint"
| where SourceRelativeUrl has "Microsoft Teams Chat Files"
) on OfficeObjectId
| extend userBag = bag_pack(UserId1, ClientIP1)
| summarize make_set(UserId1, 10000), make_bag(userBag, 10000) by TimeGenerated, UserId, OfficeObjectId, SourceFileName
| extend NumberUsers = array_length(bag_keys(bag_userBag))
| project timestamp=TimeGenerated, UserId, FileLocation=OfficeObjectId, FileName=SourceFileName, AccessedBy=bag_userBag, NumberOfUsersAccessed=NumberUsers
| extend AccountName = tostring(split(UserId, "@")[0]), AccountUPNSuffix = tostring(split(UserId, "@")[1])
| extend Account_0_Name = AccountName
| extend Account_0_UPNSuffix = AccountUPNSuffix
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidance rooted in proven architectures like Zero Trust. Now, we’re expanding that guidance with new examples that reflect our ongoing learnings—helping customers and partners understand our strategic approach more deeply and apply it effectively in their own environments.
This next set of SFI patterns and practices articles include practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response. Each of the six articles includes details on how Microsoft has improved our security posture in each area so customers, partners, and the broader security community can do the same.
Contain breaches by default. Strongly segment and isolate your network (through per-service ACLs, isolated virtual networks, and more) to prevent lateral movement and limit cyberattackers if they get in.
Help eliminate “shadow” tenants. Apply baseline security policies, such as multifactor authentication (MFA), Conditional Access, and more, to every cloud tenant and retire unused ones, so cyberattackers can’t exploit forgotten, weakly-secured environments.
Close identity backdoors. Enforce high security standards for all Microsoft Entra ID (Azure AD) applications—removing unused apps, tightening permissions, and requiring strong authorization—to block common misconfigurations cyberattackers abuse for cross-tenant attacks.
Secure the dev pipeline. Require proof-of-presence MFA for critical code commits and merges to help ensure only verified developers can push code and stop cyberattackers from surreptitiously injecting changes.
Lock down builds and dependencies. Govern your continuous integration and continuous delivery (CI/CD) pipelines and package management—use standardized build templates, internal package feeds, and automated scanning to block supply chain cyberattacks before they reach production.
Speed up investigations. Standardize and centralize your log collection (with longer retention) so that security teams have unified visibility and can detect and investigate incidents faster—even across complex, multi-cloud environments.
More about SFI patterns and practices
Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk—legacy infrastructure or inconsistent CI/CD pipelines—and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.
Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.
This structure offers a framework for understanding, applying, and evolving security practices.
Security is a journey, and Microsoft is committed to sharing our insights from SFI. Watch for more actionable advice in coming months. SFI patterns and practices provide a roadmap for putting secure architecture into practice. Embracing these approaches enables organizations to advance their security posture, minimize deployment hurdles, and establish environments that are secure by design, by default, and in operations.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response (IR) team, that chaos is exactly where the work begins.
In Episode 1, we showed how Microsoft Threat Intelligence and the Digital Crime Unit (DCU) disrupted Storm-1152’s massive fake account operation, turning threat intelligence into global action. In this second chapter of Inside Microsoft Threat Intelligence, we move from disruption to response, showing what happens when defenders face the worst day in security, and how calm leadership transforms outcomes.
Adrian Hill, lead investigator for Microsoft IR, explains it simply: “Our job is to bring clarity, calm, and momentum—fast. We set the tone in the first 30 seconds. Because if the customer doesn’t trust us immediately, we can’t help them recover.”
Whether dropped into an active breach or brought in for proactive support, Microsoft’s IR team works to stabilize, guide, and rebuild. Every engagement starts with empathy and ends with action.
Putting the customer first
In high-stakes incidents, Microsoft Incident Response isn’t always the only team on site. Adrian often finds himself shoulder to shoulder with other vendors and internal stakeholders. But rather than compete, he leads with clarity and collaboration, ensuring all parties are marching toward the same goal.
In one recent case, Microsoft joined mid-incident while a threat actor still had active control of the environment. The customer wasn’t even aware Microsoft’s IR team was on deck. Within 30 minutes, Adrian’s team had surfaced threat intelligence from Defender and other telemetry sources that no one else had uncovered. It wasn’t just a faster response. It changed the customer’s perception of what Microsoft Incident Response could deliver.
Turning chaos into ecosystem protection
Microsoft’s IR team doesn’t just clean up attacks; they feed intelligence back into the ecosystem. Every novel tactic, unusual behavior, or new artifact discovered during a customer engagement gets routed back to Microsoft Threat Intelligence. That insight becomes new detections, improved playbooks, and protections that safeguard millions of users and organizations worldwide.
This loop, from the field to Microsoft Threat Intelligence to product integration, is what makes our end-to-end security story unique. Incident response isn’t the last line of defense. It’s the front line of innovation.
From recovery to partnership
IR is rarely one-and-done. In the same engagement, Adrian’s team helped recover cloud backups, secure infrastructure, and walk the customer through containment and long-term strategy. Months later, the organization came back for further briefings, roadmap work, and proactive guidance.
That follow-through is what builds trust and transforms perception.
“We don’t show up to pitch Microsoft,” Adrian says. “We show up to help people. And that’s what makes them want to keep working with us.”
Microsoft’s incident response isn’t just about stopping attacks. It’s about restoring confidence, helping customers take control of their security future, and building resilience.
Missed episode one of Inside Microsoft Threat Intelligence? Catch it here.
On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and potential remote code execution (RCE). A cybercriminal group tracked by Microsoft Threat Intelligence as Storm-1175, known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the vulnerability.
Microsoft urges customers to upgrade to the latest version following Fortra’s recommendations. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender, as well as security posture hardening recommendations for customers.
Vulnerability analysis
The vulnerability, tracked as CVE-2025-10035, is a critical deserialization flaw impacting GoAnywhere MFT’s License Servlet Admin Console versions up to 7.8.3. It enables an attacker to bypass signature verification by crafting a forged license response signature, which then allows the deserialization of arbitrary, attacker-controlled objects.
Successful exploitation could result in command injection and potential RCE on the affected system. Public reports indicate that exploitation does not require authentication if the attacker can craft or intercept valid license responses, making this vulnerability particularly dangerous for internet-exposed instances.
The impact of CVE-2025-10035 is amplified by the fact that, upon successful exploitation, attackers could perform system and user discovery, maintain long-term access, and deploy additional tools for lateral movement and malware. Public advisories recommend immediate patching, reviewing license verification mechanisms, and closely monitoring for suspicious activity in GoAnywhere MFT environments to mitigate risks associated with this vulnerability.
Exploitation activity by Storm-1175
Microsoft Defender researchers identified exploitation activity in multiple organizations aligned to tactics, techniques, and procedures (TTPs) attributed to Storm-1175. Related activity was observed on September 11, 2025.
An analysis of the threat actor’s TTPs reveals a multi-stage attack. For initial access, the threat actor exploited the then-zero-day deserialization vulnerability in GoAnywhere MFT. To maintain persistence, they abused remote monitoring and management (RMM) tools, specifically SimpleHelp and MeshAgent. They dropped the RMM binaries directly under the GoAnywhere MFT process. In addition to these RMM payloads, the creation of .jsp files within the GoAnywhere MFT directories was observed, often at the same time as the dropped RMM tools.
The threat actor then executed user and system discovery commands and deployed tools like netscan for network discovery. Lateral movement was achieved using mstsc.exe, allowing the threat actor to move across systems within the compromised network.
For command and control (C2), the threat actor utilized RMM tools to establish their infrastructure and even set up a Cloudflare tunnel for secure C2 communication. During the exfiltration stage, the deployment and execution of Rclone was observed in at least one victim environment. Ultimately, in one compromised environment, the successful deployment of Medusa ransomware was observed.
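A defender-side correlation of the post-exploitation artifacts described above: .jsp files written into GoAnywhere MFT directories and RMM binaries (SimpleHelp, MeshAgent) dropped under the GoAnywhere MFT process, often at the same time. This is an added example, not code from the original post; the event records are constructed in a DeviceFileEvents-like shape, and the install-path hint and RMM file-name substrings are assumptions to tune for your environment.

```python
"""Correlate .jsp drops and RMM drops under the GoAnywhere MFT process per device.
Added example; events are constructed and field names mirror DeviceFileEvents."""
from collections import defaultdict
from datetime import datetime, timedelta

GOANYWHERE_PATH_HINT = "goanywhere"            # assumption: matched in FolderPath or InitiatingProcessFolderPath
RMM_NAME_HINTS = ("simplehelp", "meshagent")   # assumption: substrings of dropped RMM file names
CORRELATION_WINDOW = timedelta(minutes=30)     # "often at the same time" as the .jsp drop


def classify(event):
    """Return 'jsp', 'rmm' or None for a single FileCreated event."""
    if event.get("ActionType") != "FileCreated":
        return None
    folder = event.get("FolderPath", "").lower()
    initiator = event.get("InitiatingProcessFolderPath", "").lower()
    name = event.get("FileName", "").lower()
    if GOANYWHERE_PATH_HINT not in folder and GOANYWHERE_PATH_HINT not in initiator:
        return None  # not written into, or by, the GoAnywhere MFT installation
    if name.endswith(".jsp"):
        return "jsp"
    if any(hint in name for hint in RMM_NAME_HINTS):
        return "rmm"
    return None


def correlate(events, window=CORRELATION_WINDOW):
    """Group suspicious drops per device; 'high' when a .jsp and an RMM artifact appear
    within the window, 'medium' when only one kind is seen."""
    per_device = defaultdict(list)
    for ev in events:
        kind = classify(ev)
        if kind:
            per_device[ev["DeviceName"]].append((datetime.fromisoformat(ev["Timestamp"]), kind, ev["FileName"]))
    findings = []
    for device, drops in per_device.items():
        drops.sort()
        jsp = [d for d in drops if d[1] == "jsp"]
        rmm = [d for d in drops if d[1] == "rmm"]
        paired = any(abs(j[0] - r[0]) <= window for j in jsp for r in rmm)
        findings.append({"DeviceName": device, "Confidence": "high" if paired else "medium",
                         "Artifacts": [f for _, _, f in drops], "FirstSeen": drops[0][0]})
    return sorted(findings, key=lambda f: f["Confidence"] != "high")


def build_sample_events():
    """Constructed events: one server with a paired .jsp + RMM drop, one with a lone .jsp,
    and a workstation download that must not match (no GoAnywhere path involved)."""
    gw_root = r"C:\Program Files\GoAnywhere MFT"           # constructed install path
    gw_java = gw_root + r"\jre\bin"
    return [
        {"Timestamp": "2025-09-11T10:00:00", "DeviceName": "mft-srv-01", "ActionType": "FileCreated",
         "FileName": "update.jsp", "FolderPath": gw_root + r"\tomcat\webapps\ROOT",
         "InitiatingProcessFileName": "java.exe", "InitiatingProcessFolderPath": gw_java},
        {"Timestamp": "2025-09-11T10:04:00", "DeviceName": "mft-srv-01", "ActionType": "FileCreated",
         "FileName": "simplehelp-remote.exe", "FolderPath": r"C:\ProgramData\temp",
         "InitiatingProcessFileName": "java.exe", "InitiatingProcessFolderPath": gw_java},
        {"Timestamp": "2025-09-11T11:00:00", "DeviceName": "mft-srv-02", "ActionType": "FileCreated",
         "FileName": "report.jsp", "FolderPath": gw_root + r"\tomcat\webapps\ROOT",
         "InitiatingProcessFileName": "java.exe", "InitiatingProcessFolderPath": gw_java},
        {"Timestamp": "2025-09-11T12:00:00", "DeviceName": "ws-01", "ActionType": "FileCreated",
         "FileName": "meshagent.exe", "FolderPath": r"C:\Users\alice\Downloads",
         "InitiatingProcessFileName": "explorer.exe", "InitiatingProcessFolderPath": r"C:\Windows"},
    ]


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```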
Mitigation and protection guidance
Microsoft recommends the following mitigations to reduce the impact of this threat.
Upgrade to the latest version following Fortra’s recommendations. Note that upgrading does not address previous exploitation activity, and review of the impacted system may be required.
Use an enterprise attack surface management product, like Microsoft Defender External Attack Surface Management (Defender EASM), to discover unpatched systems on your perimeter.
Check your perimeter firewall and proxy to ensure servers are restricted from accessing the internet for arbitrary connections, like browsing and downloads. Such restrictions help inhibit malware downloads and command-and-control activity.
Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
Turn on block mode in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants.
Microsoft Defender customers can turn on attack surface reduction rules to prevent common attack techniques used in ransomware attacks. Attack surface reduction rules are sweeping settings that are effective at stopping entire classes of threats:
Following the release of the vulnerability, the Microsoft Defender Research Team ensured that protections are deployed for customers, from ensuring that Microsoft Defender Vulnerability Management correctly identifies and surfaces all vulnerable devices in impacted customer environments, to building Microsoft Defender for Endpoint detections and alerting along the attack chain.
Microsoft Defender Vulnerability Management customers can search for this vulnerability in the Defender Portal or navigate directly to the CVE page to view a detailed list of the exposed devices within their organization.
Customers of Microsoft Defender Experts for XDR that might have been impacted have also been notified of any post-exploitation activity and recommended actions.
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Tactic: Initial access
Observed activity: Exploitation of GoAnywhere MFT via deserialization in Licensing Service
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects possible exploitation via the following alert:
– Possible exploitation of GoAnywhere MFT vulnerability
Microsoft Defender Experts for XDR can detect possible exploitation via the following alerts:
– Possible exploitation of vulnerability in GoAnywhere Tomcat
– Possible discovery activity following successful Tomcat vulnerability exploitation
Microsoft Defender Vulnerability Management (MDVM) surfaces devices vulnerable to CVE-2025-10035.
Microsoft Defender External Attack Surface Management Attack Surface Insights with the following title can indicate vulnerable devices on your network but is not necessarily indicative of exploitation:
– [Potential] CVE-2025-10035 – GoAnywhere MFT Command Injection via Deserialization in Licensing Service
(Note: An Attack Surface Insight marked as potential indicates a service is running but cannot validate whether that service is running a vulnerable version. Check resources to verify that they are up to date.)

Tactic: Persistence
Observed activity: Dropping and abuse of remote monitoring and management (RMM) tools and suspected web shell deployment; creation of .jsp files within the GoAnywhere MFT directories
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects possible signs of the attacker deploying persistence mechanisms via the following alerts:
– Uncommon remote access software
– Remote access software
– Suspicious file dropped and launched
– Suspicious service launched
– Suspicious account creation
– User account created under suspicious circumstances
– New local admin added using Net commands
– New group added suspiciously
– Suspicious Windows account manipulation
– Ransomware-linked threat actor detected

Tactic: Discovery
Observed activity: User and system discovery commands; deployment of tools such as netscan for network discovery
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects malicious exploration activities via the following alerts:
– Suspicious sequence of exploration activities
– Anomalous account lookups
– Suspicious Windows account manipulation

Tactic: Command and control
Observed activity: Use of RMM tools for establishing C2 infrastructure and setup of a Cloudflare tunnel for secure C2 communication
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects C2 activities observed in this campaign via the following alerts:
– Uncommon remote access software
– Remote access software

Tactic: Exfiltration
Observed activity: Rclone deployment and execution
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects exfiltration activities observed in this campaign via the following alert:
– Ransomware-linked threat actor detected

Tactic: Actions on objectives
Observed activity: Deployment of Medusa ransomware
Microsoft Defender coverage:
Microsoft Defender Antivirus detects the ransomware payload used in this attack as the following threat:
– Ransom:Win32/Medusa
Microsoft Defender for Endpoint detects the ransomware payload via the following alert:
– Ransomware-linked threat actor detected
Microsoft Security Copilot
Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:
Incident investigation
Microsoft User analysis
Threat actor profile
Threat Intelligence 360 report based on MDTI article
Vulnerability impact assessment
Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.
Threat intelligence reports
Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.
Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.
Hunting queries
Microsoft Defender XDR
Microsoft Defender XDR customers can run the following query to find related activity in their networks:
Vulnerable devices
Find devices affected by the CVE-2025-10035 vulnerability.
DeviceTvmSoftwareVulnerabilities
| where CveId in ("CVE-2025-10035")
| summarize by DeviceName, CveId
Possible GoAnywhere MFT exploitation
Look for suspicious PowerShell commands indicative of GoAnywhere MFT exploitation. These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.
Look for suspicious cmd.exe commands launched after possible GoAnywhere MFT exploitation. These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.
DeviceProcessEvents
| where InitiatingProcessFolderPath contains @"\GoAnywhere\"
| where InitiatingProcessFileName contains "tomcat"
| where InitiatingProcessCommandLine endswith "//RS//GoAnywhere"
| where ProcessCommandLine !contains @"\GIT\"
| where FileName == "cmd.exe"
| where ProcessCommandLine has_any ("powershell.exe", "powershell ", "rundll32.exe", "rundll32 ", "bitsadmin.exe", "bitsadmin ", "wget http", "quser")
    or ProcessCommandLine has_all ("nltest", "/dclist")
    or ProcessCommandLine has_all ("nltest", "/domain_trusts")
    or ProcessCommandLine has_all ("net", "user ", "/add")
    or ProcessCommandLine has_all ("net", "user ", " /domain")
    or ProcessCommandLine has_all ("net", " group", "/domain")
Storm-1175 indicators of compromise
The following query identifies known post-compromise tools leveraged in recent GoAnywhere exploitation activity attributed to Storm-1175. Note that the alert Ransomware-linked threat actor detected will detect these hashes.
let fileHashes = dynamic(["4106c35ff46bb6f2f4a42d63a2b8a619f1e1df72414122ddf6fd1b1a644b3220", "c7e2632702d0e22598b90ea226d3cde4830455d9232bd8b33ebcb13827e99bc3", "cd5aa589873d777c6e919c4438afe8bceccad6bbe57739e2ccb70b39aee1e8b3", "5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19"]);
union
(
DeviceFileEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceFileEvents"
),
(
DeviceEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceEvents"
),
(
DeviceImageLoadEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceImageLoadEvents"
),
(
DeviceProcessEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceProcessEvents"
)
| order by Timestamp desc
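Persistence-stage hunt
The following advanced hunting query is an added example and is not one of the queries published in the original blog. It covers the persistence activity described above (RMM binaries and .jsp files written into the GoAnywhere MFT install tree, in some cases by the GoAnywhere Tomcat process itself); the 30-day lookback and the assumption that the SimpleHelp and MeshAgent executables carry the product name in their file name are the author's, so adjust both for your environment.

```kql
// Added example, not from the original blog: hunt for RMM binaries and .jsp files
// written under GoAnywhere MFT, and flag writes made by the GoAnywhere Tomcat process.
let lookback = 30d;
let rmmDrops =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType in ("FileCreated", "FileModified", "FileRenamed")
    | where FolderPath contains @"\GoAnywhere\" or InitiatingProcessFolderPath contains @"\GoAnywhere\"
    // Assumption: the RMM tools named in the blog keep the product name in the file name.
    | where tolower(FileName) matches regex "simplehelp|meshagent"
    | extend Finding = "RMM binary dropped under GoAnywhere MFT";
let jspDrops =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType in ("FileCreated", "FileModified", "FileRenamed")
    | where FolderPath contains @"\GoAnywhere\"
    | where FileName endswith ".jsp"
    | extend Finding = "JSP file written in GoAnywhere MFT directory";
union rmmDrops, jspDrops
// Writes performed by the GoAnywhere Tomcat service (or a shell it spawned) are the
// strongest signal, because that is the process the deserialization exploit runs under.
| extend WrittenByGoAnywhere = InitiatingProcessFolderPath contains @"\GoAnywhere\"
                               and InitiatingProcessFileName contains "tomcat"
// The blog notes the .jsp files often appeared at the same time as the RMM tools,
// so group per device per hour and surface hosts that show both stages together.
| summarize Findings = make_set(Finding),
            Files = make_set(FileName, 20),
            Writers = make_set(InitiatingProcessFileName, 10),
            Hashes = make_set(SHA256, 20),
            TomcatWrites = countif(WrittenByGoAnywhere),
            FirstSeen = min(Timestamp), LastSeen = max(Timestamp)
          by DeviceName, Hour = bin(Timestamp, 1h)
| extend BothStages = array_length(Findings) > 1
| order by BothStages desc, TomcatWrites desc, FirstSeen desc
```

Rows with BothStages set to true and a non-zero TomcatWrites count are the ones to triage first; any hit on a patched server still warrants review, since upgrading does not remove artifacts from earlier exploitation.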
Indicators of compromise
File IoCs (RMM tools in identified Storm-1175 exploitation activity):
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
The extensive collaboration features and global adoption of Microsoft Teams make it a high-value target for both cybercriminals and state-sponsored actors. Threat actors abuse its core capabilities – messaging (chat), calls and meetings, and video-based screen-sharing – at different points along the attack chain. This raises the stakes for defenders to proactively monitor, detect, and respond.
While under Microsoft’s Secure Future Initiative (SFI), default security has been strengthened by design, defenders still need to make the most out of customer-facing security capabilities. Therefore, this blog recommends countermeasures and controls across identity, endpoints, data apps, and network layers to help harden enterprise Teams environments. To frame these defenses, we first examine relevant stages of the attack chain. This guidance complements, but doesn’t repeat, the guidance built into the Microsoft Security Development Lifecycle (SDL) as outlined in the Teams Security Guide; we will instead focus on guidance for disrupting adversarial objectives based on the relatively recently observed attempts to exploit Teams infrastructure and capabilities.
Attack chain
Figure 1. Attack techniques that abuse Teams along the attack chain
Reconnaissance
Every Teams user account is backed by a Microsoft Entra ID identity. Each team member is an Entra ID object, and a team is a collection of channel objects. Teams may be configured for the cloud or a hybrid environment and supports multi-tenant organizations (MTO) and cross-tenant communication and collaboration. There are anonymous participants, guests, and external access users. From an API perspective, Teams is an object type that can be queried and stored in a local database for reconnaissance by enumerating directory objects, and mapping relationships and privileges. For example, federation tenant configuration indicates whether the tenant allows external communication and can be inferred from the API response queries reflecting the effective tenant federation policy.
While not unique to Teams, there are open-source frameworks that can specifically be leveraged to enumerate less secure users, groups, and tenants in Teams (mostly by repurposing the Microsoft Graph API or gathering DNS), including ROADtools, TeamFiltration, TeamsEnum, and MSFT-Recon-RS. These tools facilitate enumerating teams, members of teams and channels, tenant IDs and enabled domains, as well as permissiveness for communicating with external organizations and other properties, like presence. Presence indicates a user’s current availability and status outside the organization if Privacy mode is not enabled, which could then be exploited if the admin has not disabled external meetings and chat with people and organizations outside the organization (or at least limited it to specified external domains).
Many open-source tools are modular Python packages including reusable libraries and classes that can be directly imported or extended to support custom classes, meaning they are also interoperable with other custom open-source reconnaissance and discovery frameworks designed to identify potential misconfigurations.
Resource development
Microsoft continuously enhances protections against fraudulent Microsoft Entra ID Workforce tenants and the abuse of free tenants and trial subscriptions. As these defenses grow stronger, threat actors are forced to invest significantly more resources in their attempts to impersonate trusted users, demonstrating the effectiveness of our layered security approach. This includes threat actors trying to compromise weakly configured legitimate tenants, or even purchasing legitimate ones if they have confidence they could ultimately profit. It should come as no surprise that if they can build a persona for social engineering, they will take advantage of the same resources as legitimate organizations, including custom domains and branding, especially if it can lend credibility to impersonating internal help desk, admin, or IT support, which could then be used as a convincing pretext to compromise targets through chat messaging and phone calls. Sophisticated threat actors try to use the very same resources used by trustworthy organizations, such as acquiring multiple tenants for staging development or running separate operations across regions, and using everyday Teams features like scheduling private meetings through chat, and audio, video, and screen-sharing capabilities for productivity.
Initial access
Tech support scams remain a generally popular pretext for delivery of malicious remote monitoring and management (RMM) tools and information-stealing malware, leading to credential theft, extortion, and ransomware. There are always new variants to bypass security awareness defenses, such as the rise in email bombing to create a sense of stress and urgency to restore normalcy. In 2024, for instance, Storm-1811 impersonated tech support, claiming to be addressing junk email issues that it had itself initiated. They used RMM tools to deliver the ReedBed malware loader for ransomware payloads and remote command execution. Meanwhile, Midnight Blizzard has successfully impersonated security and technical support teams to get targets to verify their identities under the pretext of protecting their accounts by entering authentication codes that complete the authentication flow for breaking into the accounts.
Similarly in May, Sophos identified a 3AM ransomware (believed to be a rebranding of BlackSuit) affiliate adopting techniques from Storm-1811, including flooding employees with unwanted emails followed by voice and video calls on Teams impersonating help desk personnel, claiming they needed remote access to stop the flood of junk emails. The threat actor reportedly spoofed the IT organization’s phone number.
With threat actors leveraging deepfakes, perceived authority helps make this kind of social engineering even more effective. Threat actors seeking to spoof automated workflow notifications and interactions can naturally extend to spoofing legitimate bots and agents as they gain more traction, as threat actors are turning to language models to facilitate their objectives.
Prevalent threat actors associated with ransomware campaigns, including the access broker tracked as Storm-1674 have used sophisticated red teaming tools, like TeamsPhisher, to distribute DarkGate malware and other malicious payloads over Teams. In December 2024, for example, Trend Micro reported an incident in which a threat actor impersonated a client during a Teams call to persuade a target to install AnyDesk. Remote access was reportedly then used also to deploy DarkGate. Threat actors may also just use Teams to gain initial access through drive-by-compromise activity to direct users to malicious websites.
Widely available admin tools, including AADInternals, could be leveraged to deliver malicious links and payloads directly into Teams. Teams branding (like any communications brand asset) makes for effective bait, and has been used by adversary-in-the-middle (AiTM) actors like Storm-00485. Threat actors could place malicious advertisements in search results for a spoofed app like Teams to misdirect users to a download site hosting credential-stealing malware. In July 2025, for instance, Malwarebytes reported observing a malvertising campaign delivering credential-stealing malware through a fake Microsoft Teams for Mac installer.
Whether it is a core app that is part of Teams, an app created by Microsoft, a partner app validated by Microsoft, or a custom app created by your own organization—no matter how secure an app—they could still be spoofed to gain a foothold in a network. And similar to leveraging a trusted brand like Teams, threat actors will also continue to try and take advantage of trusted relationships as well to gain Teams access, whether leveraging an account with access or abusing delegated administrator relationships to reach a target environment.
Persistence
Threat actors employ a variety of persistence techniques to maintain access to target systems—even after defenders attempt to regain control. These methods include abusing shortcuts in the Startup folder to execute malicious tools, or exploiting accessibility features like Sticky Keys (as seen in this ransomware case study). Threat actors could try to create guest users in target tenants or add their own credentials to a Teams account to maintain access.
Part of the reason device code phishing has been used to access target accounts is that it could enable persistent access for as long as the tokens remain valid. In February, Microsoft reported that Storm-2372 had been capturing authentication tokens by exploiting device code authentication flows, partially by masquerading as Microsoft Teams meeting invitations and initiating Teams chats to build rapport, so that when the targets were prompted to authenticate, they would use Storm-2372-generated device codes, enabling Storm-2372 to steal the authenticated sessions from the valid access tokens.
Teams phishing lures themselves can sometimes be a disguised attempt to help threat actors maintain persistence. For example, in July 2025, the financially motivated Storm-0324 most likely relied on TeamsPhisher to send Teams phishing lures to deliver a custom malware JSSloader for the ransomware operator Sangria Tempest to use as an access vector to maintain a foothold.
Execution
Apart from admin accounts, which are an attractive target because they come with elevated privileges, threat actors try and trick everyday Teams users into clicking links or opening files that lead to malicious code execution, just like through email.
Privilege escalation
If threat actors successfully compromise accounts or register actor-controlled devices, they often try to change permission groups to escalate privileges. If a threat actor successfully compromises a Teams admin role, this could lead to abuse of the permissions to use the admin tools that belong to that role.
Credential access
With a valid refresh token, actors can impersonate users through Teams APIs. There is no shortage of administrator tools that can be maliciously repurposed, such as AADInternals, to intercept access to tokens with custom phishing flows. Tools like TeamFiltration could be leveraged just like for any other Microsoft 365 service for targeting Teams. If credentials are compromised through password spraying, threat actors use tools like this to request OAuth tokens for Teams and other services. Threat actors continue to try and bypass multifactor authentication (MFA) by repeatedly generating authentication prompts until someone accepts by mistake, and try to compromise MFA by adding alternate phone numbers or intercepting SMS-based codes.
For instance, the financially motivated threat actor Octo Tempest uses aggressive social engineering, including over Teams, to take control of MFA for privileged accounts. They consistently socially engineer help desk personnel, targeting federated identity providers using tools like AADInternals to federate existing domains, or spoof legitimate domains by adding and then federating new domains to forge tokens.
Discovery
To refine targeting, threat actors analyze Teams configuration data from API responses, enumerate Teams apps if they obtain unauthorized access, and search for valuable files and directories by leveraging toolkits for contextualizing potential attack paths. For instance, Void Blizzard has used AzureHound to enumerate a compromised organization’s Microsoft Entra ID configuration and gather details on users, roles, groups, applications, and devices. In a small number of compromises, the threat actor accessed Teams conversations and messages through the web client. AADInternals can also be used to discover Teams group structures and permissions.
The state-sponsored actor Peach Sandstorm has delivered malicious ZIP files through Teams, then used AD Explorer to take snapshots of on-premises Active Directory database and related files.
Lateral movement
A threat actor that manages to obtain Teams admin access (whether directly or indirectly by purchasing an admin account through a rogue online marketplace) could potentially leverage external communication settings and enable trust relationships between organizations to move laterally. In late 2024, in a campaign dubbed VEILdrive by Hunters’ Team AXON, the financially motivated cybercriminal threat actors Sangria Tempest and Storm-1674 used previously compromised accounts to impersonate IT personnel and convince a user in another organization through Teams to accept a chat request and grant access through a remote connection.
Collection
Threat actors often target Teams to try and collect information from it that could help them to accomplish their objectives, such as to discover collaboration channels or high-privileged accounts. They could try to mine Teams for any information perceived as useful in furtherance of their objectives, including pivoting from a compromised account to data accessible to that user from OneDrive or SharePoint. AADInternals can be used to collect sensitive chat data and user profiles. Post-compromise, GraphRunner can leverage the Microsoft Graph API to search all chats and channels and export Teams conversations.
Command and control
Threat actors attempt to deliver malware through file attachments in Teams chats or channels. A cracked version of Brute Ratel C4 (BRc4) includes features to establish C2 channels with platforms like Microsoft Teams by using their communications protocols to send and receive commands and data.
Post-compromise, threat actors can use red teaming tool ConvoC2 to send commands through Microsoft Teams messages using the Adaptive Card framework to embed data in hidden span tags and then exfiltrate using webhooks. But threat actors can also use legitimate remote access tools to try and establish interactive C2 through Teams.
Exfiltration
Threat actors may use Teams messages or shared links to direct data exfiltration to cloud storage under their control. Tools like TeamFiltration include an exfiltration module that rely on a valid access token to then extract recent contacts and download chats and files through OneDrive or SharePoint.
Impact
Threat actors try to use Teams messages to support financial theft through extortion, social engineering, or technical means.
Octo Tempest has used communication apps, including Teams to send taunting and threatening messages to organizations, defenders, and incident response teams as part of extortion and ransomware payment pressure tactics. After gaining control of MFA through social engineering password resets, they sign in to Teams to identify sensitive information supporting their financially motivated operations.
Configure just-in-time access to privileged roles. Use Microsoft Entra Privileged Identity Management (PIM) (preview) to provide as-needed and just-in-time access to Microsoft 365 roles to reduce standing privileges and limit exposure.
Harden endpoint security
Use configuration analyzer to strengthen security posture. Identify and remediate security policies that are less secure than the Standard or Strict protection profiles in preset security policies.
Keep Teams clients, browsers, OS, and dependencies updated.
Enable cloud-delivered protection in Defender Antivirus. Cloud-delivered protection enables sharing detection status between Microsoft 365 and Defender for Endpoint. Real-time protection blocking, including on-access scanning, is not available when Defender Antivirus is running only in passive mode. You can turn on endpoint detection and response (EDR) in block mode even if Defender Antivirus isn’t your primary antivirus solution. EDR in block mode detects and remediates malicious items on the device post-breach.
Protect security settings from being disabled or changed with tamper protection.
If your organization utilizes another remote support tool such as Remote Help, disable or remove Quick Assist as a best practice, if it isn’t used within your environment.
Understand and use attack surface reduction capabilities in your environment to prevent common techniques used in combination with Teams threat activity as part of your first line of defense.
Manage call settings in Teams. Inbound calls originating from the Public Switched Telephone Network (PSTN) on a tenant global level can be blocked.
Use meeting and event policies to control the features that are available to organizers and participants.
Use the Teams admin center or PowerShell to require anonymous users and people from untrusted organizations to complete a verification check before joining the meeting.
Manage who can present and request control to generally prevent external users by default without business justification from being able to automatically request control over a shared window or screen.
Specify which types of external meetings and chat to allow and which users should have access to these features. You can change the default setting to limit external access to only allowed domains or block specific domains and subdomains. By blocking external communication with trial-only tenants, users that do not have any purchased seats are not able to search and contact your users via chat, Teams calls, and meetings.
You can prevent users that are not managed by an organization from starting conversations or prevent chat with them. If you choose to allow anonymous users in your environment, you can verify their identities by email code to join meetings (Premium).
Monitor Teams activities using activity policies in Defender for Cloud Apps. If external users are enabled, you can monitor their presence. Defender for Cloud Apps integrates directly with Microsoft 365 audit logs. Office 365 Cloud Apps Security has access to the features of Defender for Cloud Apps to support the Office 365 app connector.
Specify which users and groups can use Microsoft Teams apps or a copilot agent and control it on a per-app basis. You can change the default setting letting users install apps by default. Evaluate the compliance, security, and data handling information of an app and also understand the permissions requested by the app before you allow an app to be used.
Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services. For heightened confidentiality, you can also use end-to-end encryption in advanced meeting protection that is available with the Teams Premium add-on license. This encrypts audio, video, and video-based screen sharing at its origin and decrypts it at its destination.
Get started using attack simulation training. The Teams attack simulation training is currently in private preview. Build organizational resilience by raising awareness of QR code phishing, deepfakes including voice, and about protecting your organization from tech support and ClickFix scams.
Train developers to follow best practices when working with the Microsoft Graph API. Apply these practices when detecting, defending against, and responding to malicious techniques targeting Teams.
Learn more about some of the frequent initial access threats impacting SharePoint servers. SharePoint is a front end for Microsoft Teams and an attractive target.
Configure detection and response
Verify the auditing status of your organization in Microsoft Purview to make sure you can investigate incidents. In Threat Explorer, Content malware includes files detected by Safe Attachments for Teams, and URL clicks include all user clicks in Teams.
If user reporting of messages is turned on in the Teams admin center, it also needs to be turned on in the Defender portal. We encourage you to submit user reported Teams messages to Microsoft here.
Refer to the table listing the Microsoft Teams activities logged in the Microsoft 365 audit log. With the Office 365 Management Activity API, you can retrieve information about user, admin, system, and policy actions and events including from Entra activity logs.
Familiarize yourself with relevant advanced hunting schema and available tables.
Advanced hunting supports guided and advanced modes. You can use the advanced hunting queries in the advanced hunting section to hunt with these tables for Teams-related threats.
Several tables covering Teams-related threats are available in preview and populated by Defender for Office 365, including MessageEvents, MessagePostDeliveryEvents, MessageUrlInfo, and UrlClickEvents. These tables provide visibility into ZAP events and URLs in Teams messages, including allowed or blocked URL clicks in Teams clients. You can join these tables with others to gain more comprehensive insight into the progression of the attack chain and end-to-end threat activity.
Connect Microsoft 365 to Microsoft Defender for Cloud Apps.
To hunt for Teams messages without URLs, use the CloudAppEvents table, populated by Defender for Cloud Apps. This table also includes chat monitoring events, meeting and Teams call tracking, and behavioral analytics. To make sure advanced hunting tables are populated by Defender for Cloud Apps data, go to the Defender portal and select Settings > Cloud apps > App connectors. Then, in the Select Microsoft 365 components page, select the Microsoft 365 activities checkbox. Control Microsoft 365 with built-in policies and policy templates to detect and notify you about potential threats.
Many of the detection types enabled by default apply to Teams and do not require custom policy creation, including sign-ins from geographically distant locations in a short time, access from a country not previously associated with a user, unexpected admin actions, mass downloads, activity from anonymous IP addresses or from a device flagged as malware-infected by Defender for Endpoint, as well as OAuth app abuse (when app governance is turned on).
Defender for Cloud Apps enables you to identify high-risk use and cloud security issues, detect abnormal user behavior, and prevent threats in your sanctioned cloud apps. You can integrate Defender for Cloud Apps with Microsoft Sentinel (preview) or use the supported APIs.
Refer to the compromised and malicious applications incident response playbook. This playbook includes relevant guidance for identifying and investigating malicious activity on third-party apps installed in Teams, custom apps using the Graph API for Teams, or OAuth abuse involving Teams permissions.
Discover and enable the Microsoft Sentinel data lake in Defender XDR. Sentinel data lake brings together security logs from data sources like Microsoft Defender and Microsoft Sentinel, Microsoft 365, Microsoft Entra ID, Purview, Intune, Microsoft Resource Graph, firewall and network logs, identity and access logs, DNS, plus sources from hundreds of connectors and solutions, including Microsoft Defender Threat Intelligence. Advanced hunting KQL queries can be run directly on the data lake. You can analyze the data using Jupyter notebooks.
Microsoft Defender detections
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Microsoft Defender XDR
The following alerts might indicate threat activity associated with this threat.
Malicious sign in from a risky IP address
Malicious sign in from an unusual user agent
Account compromised following a password-spray attack
Compromised user account identified in Password Spray activity
Successful authentication after password spray attack
Password Spray detected via suspicious Teams client (TeamFiltration)
Microsoft Entra ID Protection
Any type of sign-in and user risk detection might also indicate threat activity associated with this threat. An example is listed below. These alerts, however, can be triggered by unrelated threat activity.
Impossible travel
Anomalous Microsoft Teams login from web client
Microsoft Defender for Endpoint
The following alerts might indicate threat activity associated with this threat.
Suspicious module loaded using Microsoft Teams
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
Suspicious usage of remote management software
Microsoft Defender for Office 365
The following alerts might indicate threat activity associated with this threat.
Malicious link shared in Teams chat
User clicked a malicious link in Teams chat
When Microsoft Defender for Cloud Apps is enabled, the following alert might indicate threat activity associated with this threat.
Potentially Malicious IT Support Teams impersonation post mail bombing
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
A potentially malicious URL click was detected
Possible AiTM phishing attempt
Microsoft Defender for Identity
The following Microsoft Defender for Identity alerts can indicate associated threat activity:
Account enumeration reconnaissance
Suspicious additions to sensitive groups
Account Enumeration reconnaissance (LDAP)
Microsoft Defender for Cloud Apps
The following alerts might indicate threat activity associated with this threat.
Consent granted to application with Microsoft Teams permissions
Risky user installed a suspicious application in Microsoft Teams
Compromised account signed in to Microsoft Teams
Microsoft Teams chat initiated by a suspicious external user
Suspicious Teams access via Graph API
The following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.
Possible mail exfiltration by app
Microsoft Security Copilot
Microsoft Security Copilot customers can use the Copilot in Defender embedded experience to check the impact of this report and get insights based on their environment’s highest exposure level in Threat analytics, Intel profiles, Intel Explorer and Intel projects pages of the Defender portal.
You can also use Copilot in Defender to speed up analysis of suspicious scripts and command lines by inspecting them below the incident graph on an incident page and in the timeline on the Device entity page without using external tools.
Threat intelligence reports
Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.
Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.
Hunting queries
Microsoft Defender XDR
Advanced hunting allows you to view and query all the data sources available within the unified Microsoft Defender portal, which include Microsoft Defender XDR and various Microsoft security services.
After onboarding to the Microsoft Sentinel data lake, auxiliary log tables are no longer available in Microsoft Defender advanced hunting. Instead, you can access them through data lake exploration Kusto Query Language (KQL) queries in the Defender portal. For more information, see KQL queries in the Microsoft Sentinel data lake.
You can design and tweak custom detection rules using the advanced hunting queries and set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. You can also link the generated alert to this report so that it appears in the Related incidents tab in threat analytics. Custom detection rules can automatically take actions on devices, files, users, or emails that are returned by the query. To make sure you’re creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in Manage existing custom detection rules.
Detect potential data exfiltration from Teams
let timeWindow = 1h;
let messageThreshold = 20;
let trustedDomains = dynamic(["trustedpartner.com", "anothertrusted.com"]);
CloudAppEvents
| where Timestamp > ago(1d)
| where ActionType == "MessageSent"
| where Application == "Microsoft Teams"
| where isnotempty(AccountObjectId)
| where tostring(parse_json(RawEventData).ParticipantInfo.HasForeignTenantUsers) == "true"
| where tostring(parse_json(RawEventData).CommunicationType) in ("OneOnOne", "GroupChat")
| extend RecipientDomain = tostring(parse_json(RawEventData).ParticipantInfo.ParticipatingDomains[1])
| where RecipientDomain !in (trustedDomains)
| extend SenderUPN = tostring(parse_json(RawEventData).UserId)
| summarize MessageCount = count() by bin(Timestamp, timeWindow), SenderUPN, RecipientDomain
| where MessageCount > messageThreshold
| project Timestamp, MessageCount, SenderUPN, RecipientDomain
| sort by MessageCount desc
Detect mail bombing that sometimes precedes technical support scams on Microsoft Teams
EmailEvents
| where Timestamp > ago(1d)
| where DetectionMethods contains "Mail bombing"
| project Timestamp, NetworkMessageId, SenderFromAddress, Subject, ReportId
Detect malicious Teams content from MessageEvents
MessageEvents
| where Timestamp > ago(1d)
| where ThreatTypes has "Phish"
or ThreatTypes has "Malware"
or ThreatTypes has "Spam"
| project Timestamp, SenderDisplayName, SenderEmailAddress, RecipientDetails, IsOwnedThread, ThreadType, IsExternalThread, ReportId
Detect communication with external help desk/support representatives
MessageEvents
| where Timestamp > ago(5d)
| where IsExternalThread == true
| where (RecipientDetails contains "help" and RecipientDetails contains "desk")
or (RecipientDetails contains "it" and RecipientDetails contains "support")
or (RecipientDetails contains "working" and RecipientDetails contains "home")
or (SenderDisplayName contains "help" and SenderDisplayName contains "desk")
or (SenderDisplayName contains "it" and SenderDisplayName contains "support")
or (SenderDisplayName contains "working" and SenderDisplayName contains "home")
| project Timestamp, SenderDisplayName, SenderEmailAddress, RecipientDetails, IsOwnedThread, ThreadType
Expand detection of communication with external help desk/support representatives by searching for linked process executions
let portableExecutable = pack_array("binary.exe", "portable.exe"); // placeholder names; replace with the executables observed in your environment
let timeAgo = ago(30d);
MessageEvents
| where Timestamp > timeAgo
| where IsExternalThread == true
| where (RecipientDetails contains "help" and RecipientDetails contains "desk")
or (RecipientDetails contains "it" and RecipientDetails contains "support")
or (RecipientDetails contains "working" and RecipientDetails contains "home")
| summarize spamEvent = min(Timestamp) by SenderEmailAddress // first external help desk style message per sender
| join kind=inner (
DeviceProcessEvents
| where Timestamp > timeAgo
| where FileName in (portableExecutable)
) on $left.SenderEmailAddress == $right.InitiatingProcessAccountUpn
| where Timestamp > spamEvent // keep only process executions that happened after that first message
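The two patterns above (mail bombing that precedes a support scam, and external help desk impersonation in Teams) can be chained in a single query. The following is an added example, not a query from the original post: it takes the users who received mail-bombing detections in EmailEvents and returns any external Teams message they later received from a sender whose display name matches a support keyword, with the delay between the two. Extracting recipient addresses from RecipientDetails with a regular expression is an assumption made so the query does not depend on the exact shape of that dynamic column; the keyword list is illustrative and should be tuned for your tenant.

```kql
// Added example: users who were mail bombed and then contacted from an external
// Teams thread by a sender posing as help desk / IT support.
let lookback = 5d;
let supportKeywords = dynamic(["help desk", "helpdesk", "it support", "service desk", "microsoft security"]);
let bombedUsers = EmailEvents
    | where Timestamp > ago(lookback)
    | where DetectionMethods contains "Mail bombing"      // same filter as the mail bombing query above
    | summarize FirstBombed = min(Timestamp), BombMessages = count()
              by Recipient = tolower(RecipientEmailAddress);
MessageEvents
| where Timestamp > ago(lookback)
| where IsExternalThread == true
| where SenderDisplayName has_any (supportKeywords)
// Assumption: RecipientDetails serializes the recipient addresses; pull them out with a
// regex so the query does not depend on the column's exact structure.
| extend Recipients = extract_all(@"([A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+)", tostring(RecipientDetails))
| mv-expand Recipient = Recipients to typeof(string)
| extend Recipient = tolower(Recipient)
| join kind=inner bombedUsers on Recipient
| where Timestamp > FirstBombed                          // Teams contact came after the mail bombing started
| extend MinutesAfterBombing = datetime_diff('minute', Timestamp, FirstBombed)
| project Timestamp, Recipient, FirstBombed, MinutesAfterBombing, BombMessages,
          SenderDisplayName, SenderEmailAddress, ThreadType, ReportId
| order by MinutesAfterBombing asc
```

A small MinutesAfterBombing value combined with a high BombMessages count is the strongest signal here, because the support scam relies on the victim still being overwhelmed by the inbox flood when the "help desk" reaches out.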
Surface Teams threat activity using Microsoft Security Copilot
Microsoft Security Copilot in Microsoft Defender comes with a query assistant capability in advanced hunting. You can also run the following prompt in the Microsoft Security Copilot pane on the Advanced hunting page or by reopening Copilot from the top of the query editor:
Show me recent activity in the last 7 days that matches attack techniques described in the Microsoft Teams technique profile. Include relevant alerts, affected users and devices, and generate advanced hunting queries to investigate further.
Microsoft Sentinel
Possible Teams phishing activity
This query specifically monitors Microsoft Teams for one-on-one chats involving impersonated users (e.g., 'Help Desk', 'Microsoft Security').
let suspiciousUpns = DeviceProcessEvents
| where DeviceId == "alertedMachine" // placeholder: replace with the DeviceId from the alert being investigated
| where isnotempty(InitiatingProcessAccountUpn)
| project InitiatingProcessAccountUpn = tolower(InitiatingProcessAccountUpn); // lowercased to match TargetUPN below
CloudAppEvents
| where Application == "Microsoft Teams"
| where ActionType == "ChatCreated"
| where isempty(AccountObjectId)
| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true
| where RawEventData.CommunicationType == "OneOnOne"
| where RawEventData.ParticipantInfo.HasGuestUsers == false
| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false
| where RawEventData.Members[0].DisplayName in ("Microsoft Security", "Help Desk", "Help Desk Team", "Help Desk IT", "office")
| where AccountId has "@"
| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))
| where TargetUPN in (suspiciousUpns)
Files uploaded to Teams and access summary
This query identifies files uploaded to Microsoft Teams chat files and their access history, specifically mentioning operations from SharePoint. It allows tracking of potential file collection activity through Teams-related storage.
OfficeActivity
| where RecordType =~ "SharePointFileOperation"
| where Operation =~ "FileUploaded"
| where UserId != "app@sharepoint"
| where SourceRelativeUrl has "Microsoft Teams Chat Files"
| join kind= leftouter (
OfficeActivity
| where RecordType =~ "SharePointFileOperation"
| where Operation =~ "FileDownloaded" or Operation =~ "FileAccessed"
| where UserId != "app@sharepoint"
| where SourceRelativeUrl has "Microsoft Teams Chat Files"
) on OfficeObjectId
| extend userBag = bag_pack(UserId1, ClientIP1)
| summarize make_set(UserId1, 10000), make_bag(userBag, 10000) by TimeGenerated, UserId, OfficeObjectId, SourceFileName
| extend NumberUsers = array_length(bag_keys(bag_userBag))
| project timestamp=TimeGenerated, UserId, FileLocation=OfficeObjectId, FileName=SourceFileName, AccessedBy=bag_userBag, NumberOfUsersAccessed=NumberUsers
| extend AccountName = tostring(split(UserId, "@")[0]), AccountUPNSuffix = tostring(split(UserId, "@")[1])
| extend Account_0_Name = AccountName
| extend Account_0_UPNSuffix = AccountUPNSuffix
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidance rooted in proven architectures like Zero Trust. Now, we’re expanding that guidance with new examples that reflect our ongoing learnings—helping customers and partners understand our strategic approach more deeply and apply it effectively in their own environments.
This next set of SFI patterns and practices articles includes practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response. Each of the six articles includes details on how Microsoft has improved our security posture in each area so customers, partners, and the broader security community can do the same.
Contain breaches by default. Strongly segment and isolate your network (through per-service ACLs, isolated virtual networks, and more) to prevent lateral movement and limit cyberattackers if they get in.
Help eliminate “shadow” tenants. Apply baseline security policies, such as multifactor authentication (MFA), Conditional Access, and more, to every cloud tenant and retire unused ones, so cyberattackers can’t exploit forgotten, weakly-secured environments.
Close identity backdoors. Enforce high security standards for all Microsoft Entra ID (Azure AD) applications—removing unused apps, tightening permissions, and requiring strong authorization—to block common misconfigurations cyberattackers abuse for cross-tenant attacks.
Secure the dev pipeline. Require proof-of-presence MFA for critical code commits and merges to help ensure only verified developers can push code and stop cyberattackers from surreptitiously injecting changes.
Lock down builds and dependencies. Govern your continuous integration and continuous delivery (CI/CD) pipelines and package management—use standardized build templates, internal package feeds, and automated scanning to block supply chain cyberattacks before they reach production.
Speed up investigations. Standardize and centralize your log collection (with longer retention) so that security teams have unified visibility and can detect and investigate incidents faster—even across complex, multi-cloud environments.
More about SFI patterns and practices
Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk—legacy infrastructure or inconsistent CI/CD pipelines—and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.
Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.
This structure offers a framework for understanding, applying, and evolving security practices.
Security is a journey, and Microsoft is committed to sharing our insights from SFI. Watch for more actionable advice in coming months. SFI patterns and practices provide a roadmap for putting secure architecture into practice. Embracing these approaches enables organizations to advance their security posture, minimize deployment hurdles, and establish environments that are secure by design, by default, and in operations.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response (IR) team, that chaos is exactly where the work begins.
In Episode 1, we showed how Microsoft Threat Intelligence and the Digital Crime Unit (DCU) disrupted Storm-1152’s massive fake account operation, turning threat intelligence into global action. In this second chapter of Inside Microsoft Threat Intelligence, we move from disruption to response, showing what happens when defenders face the worst day in security, and how calm leadership transforms outcomes.
Adrian Hill, lead investigator for Microsoft IR, explains it simply: “Our job is to bring clarity, calm, and momentum—fast. We set the tone in the first 30 seconds. Because if the customer doesn’t trust us immediately, we can’t help them recover.”
Whether dropped into an active breach or brought in for proactive support, Microsoft’s IR team works to stabilize, guide, and rebuild. Every engagement starts with empathy and ends with action.
Putting the customer first
In high-stakes incidents, Microsoft Incident Response isn’t always the only team on site. Adrian often finds himself shoulder to shoulder with other vendors and internal stakeholders. But rather than compete, he leads with clarity and collaboration, and ensures all parties are marching toward the same goal.
In one recent case, Microsoft joined mid-incident while a threat actor still had active control of the environment. The customer wasn’t even aware Microsoft’s IR team was on deck. Within 30 minutes, Adrian’s team had surfaced threat intelligence from Defender and other telemetry sources that no one else had uncovered. It wasn’t just a faster response. It changed the customer’s perception of what Microsoft Incident Response could deliver.
Turning chaos into ecosystem protection
Microsoft’s IR team doesn’t just clean up attacks; they feed intelligence back into the ecosystem. Every novel tactic, unusual behavior, or new artifact discovered during a customer engagement gets routed back to Microsoft Threat Intelligence. That insight becomes new detections, improved playbooks, and protections that safeguard millions of users and organizations worldwide.
This loop, from the field to Microsoft Threat Intelligence to product integration, is what makes our end-to-end security story unique. Incident response isn’t the last line of defense. It’s the front line of innovation.
From recovery to partnership
IR is rarely one-and-done. In the same engagement, Adrian’s team helped recover cloud backups, secure infrastructure, and walk the customer through containment and long-term strategy. Months later, the organization came back for further briefings, roadmap work, and proactive guidance.
That follow-through is what builds trust and transforms perception.
“We don’t show up to pitch Microsoft,” Adrian says. “We show up to help people. And that’s what makes them want to keep working with us.”
Microsoft’s incident response isn’t just about stopping attacks. It’s about restoring confidence and helping customers take control of their security future and building resilience.
Missed episode one of Inside Microsoft Threat Intelligence? Catch it here.
On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and potential remote code execution (RCE). A cybercriminal group tracked by Microsoft Threat Intelligence as Storm-1175, known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the vulnerability.
Microsoft urges customers to upgrade to the latest version following Fortra’s recommendations. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender, as well as security posture hardening recommendations for customers.
Vulnerability analysis
The vulnerability, tracked as CVE-2025-10035, is a critical deserialization flaw impacting GoAnywhere MFT’s License Servlet Admin Console versions up to 7.8.3. It enables an attacker to bypass signature verification by crafting a forged license response signature, which then allows the deserialization of arbitrary, attacker-controlled objects.
Successful exploitation could result in command injection and potential RCE on the affected system. Public reports indicate that exploitation does not require authentication if the attacker can craft or intercept valid license responses, making this vulnerability particularly dangerous for internet-exposed instances.
The impact of CVE-2025-10035 is amplified by the fact that, upon successful exploitation, attackers could perform system and user discovery, maintain long-term access, and deploy additional tools for lateral movement and malware. Public advisories recommend immediate patching, reviewing license verification mechanisms, and closely monitoring for suspicious activity in GoAnywhere MFT environments to mitigate risks associated with this vulnerability.
Exploitation activity by Storm-1175
Microsoft Defender researchers identified exploitation activity in multiple organizations aligned to tactics, techniques, and procedures (TTPs) attributed to Storm-1175. Related activity was observed on September 11, 2025.
An analysis of the threat actor’s TTPs reveals a multi-stage attack. For initial access, the threat actor exploited the then-zero-day deserialization vulnerability in GoAnywhere MFT. To maintain persistence, they abused remote monitoring and management (RMM) tools, specifically SimpleHelp and MeshAgent. They dropped the RMM binaries directly under the GoAnywhere MFT process. In addition to these RMM payloads, the creation of .jsp files within the GoAnywhere MFT directories was observed, often at the same time as the dropped RMM tools.
The threat actor then executed user and system discovery commands and deployed tools like netscan for network discovery. Lateral movement was achieved using mstsc.exe, allowing the threat actor to move across systems within the compromised network.
For command and control (C2), the threat actor utilized RMM tools to establish their infrastructure and even set up a Cloudflare tunnel for secure C2 communication. During the exfiltration stage, the deployment and execution of Rclone was observed in at least one victim environment. Ultimately, in one compromised environment, the successful deployment of Medusa ransomware was observed.
Mitigation and protection guidance
Microsoft recommends the following mitigations to reduce the impact of this threat.
Upgrade to the latest version following Fortra’s recommendations. Note that upgrading does not address previous exploitation activity, and review of the impacted system may be required.
Use an enterprise attack surface management product, like Microsoft Defender External Attack Surface Management (Defender EASM), to discover unpatched systems on your perimeter.
Check your perimeter firewall and proxy to ensure servers are restricted from accessing the internet for arbitrary connections, like browsing and downloads. Such restrictions help inhibit malware downloads and command-and-control activity.
Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
Turn on block mode in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants.
Microsoft Defender customers can turn on attack surface reduction rules to prevent common attack techniques used in ransomware attacks. Attack surface reduction rules are sweeping settings that are effective at stopping entire classes of threats:
Following the release of the vulnerability, the Microsoft Defender Research Team ensured that protections are deployed for customers, from ensuring that Microsoft Defender Vulnerability Management correctly identifies and surfaces all vulnerable devices in impacted customer environments, to building Microsoft Defender for Endpoint detections and alerting along the attack chain.
Microsoft Defender Vulnerability Management customers can search for this vulnerability in the Defender Portal or navigate directly to the CVE page to view a detailed list of the exposed devices within their organization.
Customers of Microsoft Defender Experts for XDR that might have been impacted have also been notified of any post-exploitation activity and recommended actions.
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Tactic: Initial access
Observed activity: Exploitation of GoAnywhere MFT via deserialization in Licensing Service
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects possible exploitation via the following alert:
– Possible exploitation of GoAnywhere MFT vulnerability
Microsoft Defender Experts for XDR can detect possible exploitation via the following alerts:
– Possible exploitation of vulnerability in GoAnywhere Tomcat
– Possible discovery activity following successful Tomcat vulnerability exploitation
Microsoft Defender Vulnerability Management (MDVM) surfaces devices vulnerable to CVE-2025-10035.
Microsoft Defender External Attack Surface Management Attack Surface Insights with the following title can indicate vulnerable devices on your network but is not necessarily indicative of exploitation:
– [Potential] CVE-2025-10035 – GoAnywhere MFT Command Injection via Deserialization in Licensing Service
(Note: An Attack Surface Insight marked as potential indicates a service is running but cannot validate whether that service is running a vulnerable version. Check resources to verify that they are up to date.)
Tactic: Persistence
Observed activity: Dropping and abuse of remote monitoring and management (RMM) tools and suspected web shell deployment; creation of .jsp files within the GoAnywhere MFT directories
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects possible signs of the attacker deploying persistence mechanisms via the following alerts:
– Uncommon remote access software
– Remote access software
– Suspicious file dropped and launched
– Suspicious service launched
– Suspicious account creation
– User account created under suspicious circumstances
– New local admin added using Net commands
– New group added suspiciously
– Suspicious Windows account manipulation
– Ransomware-linked threat actor detected
Tactic: Discovery
Observed activity: User and system discovery commands; deployment of tools such as netscan for network discovery
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects malicious exploration activities via the following alerts:
– Suspicious sequence of exploration activities
– Anomalous account lookups
– Suspicious Windows account manipulation
Tactic: Command and control
Observed activity: Use of RMM tools for establishing C2 infrastructure and setup of Cloudflare tunnel for secure C2 communication
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects C2 activities observed in this campaign via the following alerts:
– Uncommon remote access software
– Remote access software
Tactic: Exfiltration
Observed activity: Rclone deployment and execution
Microsoft Defender coverage:
Microsoft Defender for Endpoint detects exfiltration activities observed in this campaign via the following alert:
– Ransomware-linked threat actor detected
Tactic: Actions on objectives
Observed activity: Deployment of Medusa ransomware
Microsoft Defender coverage:
Microsoft Defender Antivirus detects the ransomware payload used in this attack as the following threat:
– Ransom:Win32/Medusa
Microsoft Defender for Endpoint detects the ransomware payload via the following alert:
– Ransomware-linked threat actor detected
Microsoft Security Copilot
Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:
Incident investigation
Microsoft User analysis
Threat actor profile
Threat Intelligence 360 report based on MDTI article
Vulnerability impact assessment
Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.
Threat intelligence reports
Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.
Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.
Hunting queries
Microsoft Defender XDR
Microsoft Defender XDR customers can run the following query to find related activity in their networks:
Vulnerable devices
Find devices affected by the CVE-2025-10035 vulnerability.
DeviceTvmSoftwareVulnerabilities
| where CveId in ("CVE-2025-10035")
| summarize by DeviceName, CveId
Possible GoAnywhere MFT exploitation
Look for suspicious PowerShell commands indicative of GoAnywhere MFT exploitation. These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.
Look for suspicious cmd.exe commands launched after possible GoAnywhere MFT exploitation. These commands are also detected with the Defender for Endpoint alert Possible exploitation of GoAnywhere MFT vulnerability.
DeviceProcessEvents
| where InitiatingProcessFolderPath contains @"\GoAnywhere\"
| where InitiatingProcessFileName contains "tomcat"
| where InitiatingProcessCommandLine endswith "//RS//GoAnywhere"
| where ProcessCommandLine !contains @"\GIT\"
| where FileName == "cmd.exe"
| where ProcessCommandLine has_any ("powershell.exe", "powershell ", "rundll32.exe", "rundll32 ", "bitsadmin.exe", "bitsadmin ", "wget http", "quser")
    or ProcessCommandLine has_all ("nltest", "/dclist")
    or ProcessCommandLine has_all ("nltest", "/domain_trusts")
    or ProcessCommandLine has_all ("net", "user ", "/add")
    or ProcessCommandLine has_all ("net", "user ", " /domain")
    or ProcessCommandLine has_all ("net", " group", "/domain")
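To see exactly which rows the cmd.exe query above selects, here is the same filter chain re-implemented in Python and run over a handful of constructed DeviceProcessEvents rows. This is an added example, not Microsoft's code; the sample rows, device names and command lines are constructed, and KQL's term-based `has_any`/`has_all` operators are approximated with case-insensitive substring matching.

```python
"""Re-implementation of the page's cmd.exe-after-GoAnywhere hunting query.

Added example (not Microsoft's code). Events below are constructed sample
data with the column names the KQL query uses from DeviceProcessEvents.
"""
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    Timestamp: str
    DeviceName: str
    FileName: str
    ProcessCommandLine: str
    InitiatingProcessFileName: str
    InitiatingProcessFolderPath: str
    InitiatingProcessCommandLine: str


# Literals copied from the query's where clauses.
GOANYWHERE_DIR = "\\GoAnywhere\\"
GIT_DIR = "\\GIT\\"
RS_SUFFIX = "//RS//GoAnywhere"
SUSPICIOUS_ANY = ("powershell.exe", "powershell ", "rundll32.exe", "rundll32 ",
                  "bitsadmin.exe", "bitsadmin ", "wget http", "quser")
SUSPICIOUS_ALL = (("nltest", "/dclist"), ("nltest", "/domain_trusts"),
                  ("net", "user ", "/add"), ("net", "user ", " /domain"),
                  ("net", " group", "/domain"))


# KQL contains/endswith/has_* are case-insensitive. KQL `has` matches whole
# terms, so this substring version is slightly broader (e.g. "net" would
# also hit "internet"); it is an approximation, not the engine's semantics.
def _contains(haystack: str, needle: str) -> bool:
    return needle.lower() in haystack.lower()


def _has_any(cmd: str, terms) -> bool:
    return any(_contains(cmd, t) for t in terms)


def _has_all(cmd: str, terms) -> bool:
    return all(_contains(cmd, t) for t in terms)


def is_goanywhere_tomcat_parent(ev: ProcessEvent) -> bool:
    """The three InitiatingProcess* filters: GoAnywhere's bundled Tomcat service."""
    return (_contains(ev.InitiatingProcessFolderPath, GOANYWHERE_DIR)
            and _contains(ev.InitiatingProcessFileName, "tomcat")
            and ev.InitiatingProcessCommandLine.lower().endswith(RS_SUFFIX.lower()))


def has_suspicious_command(cmdline: str) -> bool:
    """The has_any / has_all clauses on ProcessCommandLine."""
    return (_has_any(cmdline, SUSPICIOUS_ANY)
            or any(_has_all(cmdline, terms) for terms in SUSPICIOUS_ALL))


def matches_hunt(ev: ProcessEvent) -> bool:
    # FileName uses `==` in KQL, which is case-sensitive, so no .lower() here.
    return (is_goanywhere_tomcat_parent(ev)
            and not _contains(ev.ProcessCommandLine, GIT_DIR)
            and ev.FileName == "cmd.exe"
            and has_suspicious_command(ev.ProcessCommandLine))


def hunt(events):
    """Return matching rows newest first, mirroring `order by Timestamp desc`."""
    return sorted((e for e in events if matches_hunt(e)),
                  key=lambda e: e.Timestamp, reverse=True)


# Constructed sample rows. The Tomcat parent command line is modelled on the
# Apache Tomcat service runner's "//RS//<service>" form the query keys on.
_TOMCAT_CMD = '"C:\\Program Files\\GoAnywhere\\tomcat\\bin\\tomcat9.exe" //RS//GoAnywhere'
_TOMCAT_DIR = "c:\\program files\\goanywhere\\tomcat\\bin"
SAMPLE_EVENTS = [
    # 1: domain-controller enumeration spawned by the GoAnywhere Tomcat service
    ProcessEvent("2025-01-01T10:00:00Z", "mft-01", "cmd.exe",
                 'cmd.exe /c "nltest /dclist:corp.example"',
                 "tomcat9.exe", _TOMCAT_DIR, _TOMCAT_CMD),
    # 2: same parent, but the command line is under \GIT\ and is excluded
    ProcessEvent("2025-01-01T10:01:00Z", "mft-01", "cmd.exe",
                 'cmd.exe /c "C:\\Program Files\\GIT\\usr\\bin\\sh.exe" -c quser',
                 "tomcat9.exe", _TOMCAT_DIR, _TOMCAT_CMD),
    # 3: suspicious term but an unrelated parent process
    ProcessEvent("2025-01-01T10:02:00Z", "ws-07", "cmd.exe", "cmd.exe /c quser",
                 "explorer.exe", "c:\\windows", "explorer.exe"),
    # 4: GoAnywhere parent running an ordinary, non-matching command
    ProcessEvent("2025-01-01T10:03:00Z", "mft-02", "cmd.exe",
                 "cmd.exe /c dir C:\\GoAnywhere\\userdata",
                 "tomcat9.exe", _TOMCAT_DIR, _TOMCAT_CMD),
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print(ev.Timestamp, ev.DeviceName, ev.ProcessCommandLine)
```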
Storm-1175 indicators of compromise
The following query identifies known post-compromise tools leveraged in recent GoAnywhere exploitation activity attributed to Storm-1175. Note that the alert Ransomware-linked threat actor detected will detect these hashes.
let fileHashes = dynamic(["4106c35ff46bb6f2f4a42d63a2b8a619f1e1df72414122ddf6fd1b1a644b3220", "c7e2632702d0e22598b90ea226d3cde4830455d9232bd8b33ebcb13827e99bc3", "cd5aa589873d777c6e919c4438afe8bceccad6bbe57739e2ccb70b39aee1e8b3", "5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19"]);
union
(
DeviceFileEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceFileEvents"
),
(
DeviceEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceEvents"
),
(
DeviceImageLoadEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceImageLoadEvents"
),
(
DeviceProcessEvents
| where SHA256 in (fileHashes)
| project Timestamp, FileHash = SHA256, SourceTable = "DeviceProcessEvents"
)
| order by Timestamp desc
Indicators of compromise
File IoCs (RMM tools in identified Storm-1175 exploitation activity):
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
When cybersecurity stakes are high and complexity is the norm, Microsoft doesn’t just participate, it excels with Microsoft Defender XDR—built to anticipate, disrupt, and outpace modern cyberthreats. We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment (doc #US52997325, September 2025). Read the complete IDC MarketScape: Worldwide XDR Software 2025 report.
Defender XDR has the broadest signal coverage across the enterprise spanning endpoints, identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data security—which enables security leaders to consolidate visibility, automate response, and outperform siloed tools. It combines native capabilities in threat detection, prevention, and response backed by AI-powered automation, rich telemetry, and seamless security information and event management (SIEM) integration to deliver a comprehensive and proactive defense strategy for modern enterprises. But Microsoft’s advantage goes beyond coverage. As one of the Big Three public cloud providers—and the originator of widely adopted platforms like Microsoft 365 and Microsoft Entra ID—Microsoft has unparalleled insight into the very technologies it secures.
IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. The Capabilities score measures supplier product, go-to-market, and business execution in the short-term. The Strategy score measures alignment of supplier strategies with customer requirements in a three- to five-year timeframe. Supplier market share is represented by the size of the icons.
Driving AI innovation in cybersecurity
Microsoft also stands out for its use of AI in cybersecurity through Microsoft Security Copilot. First introduced in March 2023 with generative AI capabilities, these digital assistants have evolved into a suite of autonomous AI agents announced in 2025, each designed to support specific use cases such as triaging user-reported phishing emails. This agentic approach enhances operational efficiency and empowers security teams with intelligent, task-specific automation. In fact, the phishing triage agent examines thousands of alerts each day—typically within 15 minutes of detection—which saves time, accelerates threat response, and allows security operations center (SOC) teams to focus on more meaningful tasks.
Complementing this agentic approach, IDC specifically highlighted Microsoft Defender’s automatic attack disruption, an AI-powered capability that disrupts in-progress cyberattacks like ransomware by containing compromised assets to prevent lateral movement—often within an average of just three minutes. Together, these innovations show how Microsoft is redefining the modern SOC to infuse AI throughout standard SOC workflows and rapidly respond to sophisticated cyberattacks.
Microsoft provides a full life cycle offering from preemptive and prevention technologies to detection and response.
In their report, IDC shared that one key Microsoft strength lies in its ability to unify proactive defense with intelligent response. Defender XDR natively integrates exposure management, attack surface reduction, secure configuration monitoring, and data loss prevention—giving security teams the tools to identify and mitigate vulnerabilities before they’re exploited. This preemptive posture and built-in attack disruption not only reduces risk but also enhances the fidelity of alerts, enabling faster, more accurate threat detection.
Defender script analysis and threat hunting
Sophisticated cyberattacks often evade detection using cloaked scripts and PowerShell commands. Defender XDR includes built-in script analysis, allowing analysts to inspect and classify scripts without external tools—reducing complexity and accelerating response. And for deeper threat hunting, Defender XDR supports Kusto Query Language (KQL), enabling analysts to parse telemetry, discover patterns, and identify outliers. Novice users can leverage a guided user interface experience to build and customize queries with ease while building their skillset.
Seamless integration and correlation between SIEM and XDR
IDC also noted that what sets Microsoft apart is its seamless correlation between SIEM and XDR, allowing insights from threat actor behavior and anomalies to flow across platforms without requiring customers to deploy both. With all this, plus powerful visualizations, KQL-based threat hunting, and deep identity threat detection, Microsoft delivers a strongly competitive, comprehensive, and adaptive security operations experience.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.
At Microsoft, security is our number one priority, and we believe that cybersecurity is as much about people as it is about technology. As we move into October and kick off Cybersecurity Awareness Month, this time of year really makes me think about how important online safety is—not just at work, but for my family and friends too. I often find myself sharing tips with loved ones on how to stay safe online, because building strong security habits and keeping them top of mind has become a key part of how I protect myself and those around me.
As part of the Microsoft Secure Future Initiative (SFI), we have committed to embed security into every layer of our technology, culture, and governance—placing security above all else. Since its launch in November 2023, SFI has mobilized the equivalent of more than 34,000 engineers to proactively reduce risk and strengthen security across Microsoft and the products and services we offer our customers. A great example of this is mitigating advanced multifactor authentication attacks, where phishing-resistant multifactor authentication now protects 100% of production system accounts and 92% of employee productivity accounts. In addition, we continue to reduce the risk of compromise during new employee setup by enforcing video-based verification, now at 99%.1
Enabling your security-first approach
This year, we have also developed new resources and tools to support security professionals in keeping their organizations secure, particularly as we enter this next era of AI. Building upon our learnings with SFI, we have created SFI patterns and practices, which is a new library of actionable guidance designed to help organizations implement security at scale.
In addition to best practices for security professionals, we continue to add articles to our Be Cybersmart Kit, which is a great starting point for security professionals that need to educate their organizations on how to be safe. The Be Cybersmart Kit contains articles on AI safety, device security, domain impersonation, fraud, secure sign-in, and phishing. The kit is just one of the many resources available on the Microsoft Cybersecurity Awareness site.
Be Cybersmart
Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.
Those seeking more in-depth resources can access expert-level learning paths, certifications, and technical documentation to continue their cybersecurity education. And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and educational opportunities like Microsoft Elevate are here to help. The goal of all these programs is to help foster a culture that puts security and continuous learning first for students and professionals alike.
Security-first in action: Franciscan Alliance
A great example of a security-first culture, especially around education and awareness training, is Franciscan Alliance, a non-profit Catholic health care organization based in Indiana. Franciscan Alliance employs a proactive and interactive strategy for cybersecurity awareness and employee education.
“We believe cybersecurity education should be continuous, engaging, and empowering—because informed employees are our strongest defense.”
—Jay Bhat, Chief Information Security Officer (CISO), Franciscan Alliance
The organization conducts monthly phishing simulations and quarterly assessments to expose staff to realistic scenarios consistently. Employees who do not pass the quarterly assessments are provided with additional training rather than being penalized, which supports a culture centered on learning and development. Training programs incorporate gamification elements to enhance accessibility and retention. Additionally, employees receive a monthly newsletter covering relevant security topics that support safe practices both professionally and personally.
During Cybersecurity Awareness Month, weekly editions are distributed, along with timely updates on emerging threats, including breaches and attacks. Franciscan Alliance also organizes threat briefings in partnership with external partners and utilizes resources such as Microsoft’s Cybersecurity Awareness materials to inform its training initiatives.
Developing security competencies in the age of AI
As organizations rapidly embrace AI, making security the first priority is not just a best practice—it’s a necessity. AI systems are powerful tools that can transform business productivity, but without robust governance and security measures, they can also introduce significant risks. To address these challenges and empower security-first leadership, we invite C-level executives to register for Microsoft’s upcoming webinar “Trust in AI: Accelerate Business Growth with Confidence,” which will feature critical discussions on how to build trust in AI for your organization.
Additionally, Microsoft’s Chief Product Officer of Responsible AI Sarah Bird will moderate the panel, “Cyber and AI, Strategic Risk and Competitive Advantage,” at the NASDAQ Summit on October 21, 2025, at the New York Stock Exchange, where industry experts will provide guidance on governance and security for AI. In this session, experts will discuss real-world use cases, regulatory developments, and the strategic implications of integrating AI into enterprise environments. Events such as these are incredible opportunities for executives to deepen their understanding and lead with confidence in the age of AI.
Make the most out of Cybersecurity Awareness Month
We hope that these resources provide you with the learning, training, and confidence to set you and your organizations up for success—both this month and beyond. Now is the time to build a culture with a security-first mindset by making security part of your daily habits at work, home, and everywhere else. A security-first mindset means staying informed, proactively protecting digital assets, and encouraging others to do the same. Security is a team sport. By promoting vigilance and shared responsibility, we can create a safer world for all.
Microsoft unveils a new wave of security innovation—delivering an agentic platform to protect organizations at scale
We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organizations.
For security teams, this shift brings new opportunities and challenges. The complexity and speed of modern cyberthreats demand solutions that go beyond traditional tools. To address these needs, Microsoft is introducing new agentic security capabilities to empower defenders to innovate boldly and safely in this new AI era.
Microsoft Sentinel: The security platform for the agentic era
Defenders need to protect AI end-to-end and for that they need a platform that brings together data, context, automation, and intelligent agents, enabling them to defend and adapt at AI speed. That platform is Microsoft Sentinel.
Sentinel started as a cloud-native security information and event management (SIEM) and expanded to also include a unified security data lake in July. Today, it is expanding into an agentic platform with the general availability of Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms.
Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating these insights with Microsoft Defender and Microsoft Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response—all within familiar workflows.
With Microsoft Security and Sentinel data lake, we’ve unified silos, scaled operations, automated processes, and expanded coverage—transforming how we detect patterns and prepare for the future with a unified, agile security posture.
—Bernard Knaapen, Chief Product Owner, Monitoring and Incident Response, ABN AMRO
Sentinel also organizes and enriches your security data, making it ready for AI agents to detect issues faster, investigate with more clarity, and respond automatically when needed. And Sentinel’s graph-based approach powers Security Copilot agents to reason over your environment with precision and speed, thanks to the built-in MCP server, which uses open standards for easy agent access and action. For advanced teams, Sentinel MCP server enables extensibility for predefined and custom agents, allowing AI-powered reasoning over unified data. This shifts security from reactive to predictive, helping teams anticipate threats and automate response at scale.
This diagram illustrates the architecture and integration of Microsoft’s security ecosystem across multicloud and multiplatform environments.
Sentinel is an industry-leading SIEM and the scalable backbone defenders need in the age of AI.1 Together, Sentinel and Security Copilot give security teams the visibility, automation, and scale they need to stay ahead of cyberthreats.
Security Copilot: Build your own agents—no code required
Security Copilot was created to help security teams tackle the toughest challenges—endless alerts, siloed tools, and constant pressure to do more with less. But no one understands your environment and unique needs like you do. Now you can build your own Security Copilot agents. The Security Copilot portal features a no-code agent builder that lets you describe what you need in natural language and create, optimize, and publish agents tailored to your workflows in minutes.
You can also build agents in a Sentinel MCP server-enabled coding platform, such as VS Code using GitHub Copilot. Once built, you can refine and deploy agents to your Security Copilot workspace while keeping the process within the familiar development platform.
Security Copilot agents are designed to integrate into daily tools and workflows—whether embedded in the Microsoft Security products you already use, partner-built, or custom-built for your environment. Since launching Security Copilot agents in March 2025, we’ve delivered more than a dozen agents for scenarios such as phish triage and conditional access optimization. We continue to add embedded agents such as the Access Review Agent in Microsoft Entra. Microsoft and partner-created Security Copilot agents are available to discover, buy, and deploy in the Security Store today.
Building on Sentinel’s graph-based context, Security Copilot agents can now reason more effectively across your environment—correlating alerts, enriching context with relationships, prioritizing by impact, and automating common actions. This enables fewer false positives, faster triage, and lower mean time to resolution (MTTR). Work shifts from manual triage to agent-led workflows: agents orchestrate and automate routine tasks, while analysts review and approve outcomes—focusing their time on strategic decisions and proactive threat hunts.
As organizations embrace AI, Microsoft continues to invest in tools that help security teams secure and govern their AI platforms, apps, and agents across the enterprise.
Over the past few months, we’ve expanded our Security for AI capabilities, including Entra Agent ID to help discover and manage your agent estate, controls to prevent data oversharing in custom-built AI apps and agents, risk discovery tools for AI model providers and MCP servers, and advanced detection for prompt injection attacks.
At Microsoft Build 2025, we announced new enhancements to Azure AI Foundry that provide more protection for AI agents across their lifecycle. These will be available soon and include:
Agent task adherence control to help keep agents aligned with tasks in real time
Personally identifiable information (PII) guardrail
Spotlighting capability in prompt shields to enhance protection against cross-prompt injection attacks
Together, these innovations help you secure and govern your AI apps and agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry—helping you build on the trusted tools your teams already use and offering you more natively built protections for your Microsoft AI platforms.
Deep dive into these innovations at Microsoft Secure on Sep 30, Oct 1, or on demand. Then, join us at Microsoft Ignite, Nov. 17–21 in San Francisco, CA or online—for more innovations, hands-on labs, and expert connections.
Security is a team sport
We are entering a new era: security is adaptive, intelligent, and acts at the speed of thought. The advances announced today are the building blocks for a new generation of defense.
I firmly believe that security is a team sport. That team includes all of us—innovating together, learning together, and defending together.
Together, we’re not just imagining the future. We’re securing it.
A new breed of industry-leading company is taking shape — Frontier Firms. These organizations blend human ambition with AI-powered technology to reshape how innovation is scaled, work is orchestrated and value is created. They’re accelerating AI transformation to enrich employee experiences, reinvent customer engagement, reshape business processes and unlock creativity and innovation.
To empower customers in becoming Frontier, we’re excited to announce the launch of the reimagined Microsoft Marketplace, your trusted source for cloud solutions, AI apps and agents. This further realizes Marketplace as an extension of the Microsoft Cloud, where we collaborate with our partner ecosystem to bring their innovations to our customers globally. By offering a comprehensive catalog across cloud solutions and industries, Microsoft Marketplace accelerates the path to becoming a Frontier Firm. With today’s announcement, we are excited to share:
The new Microsoft Marketplace, a single destination to find, try, buy and deploy cloud solutions, AI apps and agents. Azure Marketplace and Microsoft AppSource are now unified to simplify cloud and AI management. Available today in the US and coming soon to customers worldwide.
Tens of thousands of cloud and industry solutions in the Marketplace catalog across a breadth of categories ranging from data and analytics to productivity and collaboration, in addition to industry-specific offerings.
Over 3,000 AI apps and agents are newly available directly on Marketplace and in Microsoft products — from Azure AI Foundry to Microsoft 365 Copilot — with rapid provisioning within your Microsoft environment through industry standards like Model Context Protocol (MCP).
Marketplace integrations with Microsoft’s channel ecosystem, empowering you to buy where and how you want — whether from your cloud service provider (CSP) or relying on a trusted partner to procure cloud and AI solutions on your behalf.
AI apps and agents for every use case
Microsoft Marketplace gives you access to thousands of AI apps and agents from our rich partner ecosystem designed to automate tasks, accelerate decision-making and unlock value across your business. With a new AI Apps and Agents category, you can easily and confidently find AI solutions that integrate with your organization’s existing Microsoft products.
“With Microsoft Marketplace, we reduced configuration time of AI apps from nearly 20 minutes to just 1 minute per instance. That efficiency boost has translated into increased productivity and lower operating costs. Marketplace is a strategic channel for Siemens, where we’ve seen an 8X increase in customer adoption. It’s a powerful platform for scaling both sides of our business.”
— Jeff Zobrist, VP Global Partner Ecosystem and Go To Market | Siemens Digital Industries Software
Special thanks to these partners who are launching new AI offerings in Microsoft Marketplace today:
Comprehensive catalog across cloud solutions and industries
Microsoft Marketplace offers solutions across dozens of categories ranging from data and analytics to productivity and collaboration, in addition to industry-specific offerings. Microsoft Marketplace is a seamless extension of the Microsoft Cloud, uniting solutions integrated with Azure, Microsoft 365, Dynamics 365, Power Platform, Microsoft Security and more.
“The Microsoft Marketplace, in particular, helps us balance innovation with confidence by giving us access to trusted solutions that integrate seamlessly with our Azure environment — ultimately enabling us to move faster while staying true to our Five Principles.”
— Matthew Hillegas, Commercial Director – Infrastructure & Information Security | Mars Inc.
For organizations with a Microsoft Azure Consumption Commitment, 100% of your purchase for any of the thousands of Azure benefit eligible solutions available on Marketplace continue to count toward your commitment. This helps you spend smarter to maximize your cloud and AI investments.
Integrated experience from discovery to deployment
Contextually relevant cloud solutions, AI apps and agents built by our partners are also available directly within Microsoft products — providing users, developers and IT practitioners with approved solutions in the flow of work. For example, Agent Store includes Copilot agents within the Microsoft 365 Copilot experience. The same applies for apps in Microsoft Teams, models and tools in Azure AI Foundry and future experiences including MCP servers.
By integrating offerings from Marketplace directly into the Microsoft Cloud, IT is equipped with management and control tools that enable both innovation and governance. When you acquire a Copilot agent or an app running on Azure from Microsoft Marketplace, it’s provisioned and distributed to team members aligned to your security and governance standards.
Powering partner growth
For our partners, Microsoft Marketplace sits at the center of how we work together. We’re continuously expanding its capabilities to help our partners drive growth — whether that means scaling through digital sales, deepening channel partnerships or landing transformative deals.
We’ve invested in multiparty private offers, CSP integration and CSP private offers to connect software development companies and channel partners on Marketplace, creating more complete solutions to address customers’ needs. Today, we’re excited to share that valued partners including Arrow, Crayon, Ingram Micro, Pax8 and TD SYNNEX are integrating Microsoft Marketplace into their marketplaces, further extending customer reach.
Additionally, a new Marketplace capability called resale enabled offers is now in private preview. This empowers software companies to authorize their channel partners to sell on their behalf through private offers — unlocking new routes to market.
“We’re incredibly excited about the path forward with Microsoft. This integration with the Marketplace catalog is just the beginning — we see endless potential to co-innovate and help customers navigate their AI-first transformation with confidence.”
— Melissa Mulholland, Co-CEO | SoftwareOne and Crayon
Nicole Dezen, Chief Partner Officer and Corporate Vice President, Global Channel Partner Sales at Microsoft, shares more details about the partner opportunity with Microsoft Marketplace in her blog.
Becoming Frontier with Microsoft Marketplace
Whether you’re seeking to accelerate innovation, empower your teams with AI or unlock new value through trusted partners, Microsoft Marketplace brings together the solutions, expertise and ecosystem to meet your business needs. Explore the new Microsoft Marketplace. Thousands of solutions. Millions of customers. One Marketplace.
Alysa Taylor is the Chief Marketing Officer for Commercial Cloud and AI at Microsoft, leading teams that enable digital and AI transformation for organizations of all sizes across the globe. She is at the forefront of helping organizations around the world harness digital and AI innovation to transform how they operate and grow.
When cybersecurity stakes are high and complexity is the norm, Microsoft doesn’t just participate, it excels with Microsoft Defender XDR—built to anticipate, disrupt, and outpace modern cyberthreats. We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment (doc #US52997325, September 2025). Read the complete IDC MarketScape: Worldwide XDR Software 2025 report.
Defender XDR has the broadest signal coverage across the enterprise spanning endpoints, identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data security—which enables security leaders to consolidate visibility, automate response, and outperform siloed tools. It combines native capabilities in threat detection, prevention, and response backed by AI-powered automation, rich telemetry, and seamless security information and event management (SIEM) integration to deliver a comprehensive and proactive defense strategy for modern enterprises. But Microsoft’s advantage goes beyond coverage. As one of the Big Three public cloud providers—and the originator of widely adopted platforms like Microsoft 365 and Microsoft Entra ID—Microsoft has unparalleled insight into the very technologies it secures.
IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. The Capabilities score measures supplier product, go-to-market, and business execution in the short-term. The Strategy score measures alignment of supplier strategies with customer requirements in a three- to five-year timeframe. Supplier market share is represented by the size of the icons.
Driving AI innovation in cybersecurity
Microsoft also stands out for its use of AI in cybersecurity through Microsoft Security Copilot. First introduced in March 2023 with generative AI capabilities, these digital assistants have evolved into a suite of autonomous AI agents announced in 2025, each designed to support specific use cases such as triaging user-reported phishing emails. This agentic approach enhances operational efficiency and empowers security teams with intelligent, task-specific automation. In fact, the phishing triage agent examines thousands of alerts each day—typically within 15 minutes of detection—which saves time, accelerates threat response, and allows security operations center (SOC) teams to focus on more meaningful tasks.
Complementing this agentic approach, IDC specifically highlighted Microsoft Defender’s automatic attack disruption, an AI-powered capability that disrupts in-progress cyberattacks like ransomware by containing compromised assets to prevent lateral movement—often within an average of just three minutes. Together, these innovations show how Microsoft is redefining the modern SOC to infuse AI throughout standard SOC workflows and rapidly respond to sophisticated cyberattacks.
Microsoft provides a full life cycle offering from preemptive and prevention technologies to detection and response.
In their report, IDC shared that one key Microsoft strength lies in its ability to unify proactive defense with intelligent response. Defender XDR natively integrates exposure management, attack surface reduction, secure configuration monitoring, and data loss prevention—giving security teams the tools to identify and mitigate vulnerabilities before they’re exploited. This preemptive posture and built-in attack disruption not only reduces risk but also enhances the fidelity of alerts, enabling faster, more accurate threat detection.
Defender script analysis and threat hunting
Sophisticated cyberattacks often evade detection using obfuscated scripts and PowerShell commands. Defender XDR includes built-in script analysis, allowing analysts to inspect and classify scripts without external tools—reducing complexity and accelerating response. For deeper threat hunting, Defender XDR supports Kusto Query Language (KQL), enabling analysts to parse telemetry, discover patterns, and identify outliers. Novice users can use a guided query-builder interface to build and customize queries while developing their skills.
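The kind of KQL hunt described above, as an added example that is not from the post or from Microsoft: a Defender XDR advanced hunting query over DeviceProcessEvents that flags PowerShell launched with encoded or download-and-execute style command lines, then compares each device's hits against its own normal PowerShell volume so that rare or dominating launches surface as outliers. The table and column names (DeviceProcessEvents, Timestamp, FileName, ProcessCommandLine, InitiatingProcessFileName, DeviceName, AccountName) are from the advanced hunting schema; the keyword list, the 7-day window and the rarity thresholds are assumptions to tune for your environment.

```kql
// Added example (not from the blog post or from Microsoft).
// Hunt: PowerShell launched with encoded or download-and-execute style arguments,
// ranked by how unusual that is for the device. Keyword list, lookback window and
// thresholds are assumptions; tune them against your own telemetry.
let lookback = 7d;
// Indicators commonly seen in obfuscated or staged PowerShell invocations (assumed list).
let indicators = dynamic(["-enc", "-encodedcommand", "frombase64string", "-nop",
                          "-w hidden", "-windowstyle hidden", "iex",
                          "invoke-expression", "downloadstring", "downloadfile"]);
// Per-device baseline: how much PowerShell the device normally runs in the window.
let baseline = DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where FileName in~ ("powershell.exe", "pwsh.exe")
    | summarize Baseline = count() by DeviceName;
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| extend cmd = tolower(ProcessCommandLine)
| where cmd has_any (indicators)
// Separate flag for the encoded-command case, which usually warrants decoding the payload.
| extend EncodedCommand = cmd has_any ("-enc", "-encodedcommand")
| summarize Hits = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp),
            SampleCommandLine = take_any(ProcessCommandLine),
            Parents = make_set(InitiatingProcessFileName, 10)
    by DeviceName, AccountName, EncodedCommand
| join kind=leftouter baseline on DeviceName
| extend SuspiciousRatio = todouble(Hits) / todouble(Baseline)
// Outliers: either rare on the device (few hits) or dominating its PowerShell use.
| where Hits <= 5 or SuspiciousRatio > 0.5
| project DeviceName, AccountName, EncodedCommand, Hits, Baseline, SuspiciousRatio,
          Parents, FirstSeen, LastSeen, SampleCommandLine
| order by EncodedCommand desc, SuspiciousRatio desc
```

The Parents column is there because the launching process is often the quickest way to separate an administrator's scheduled task from a document or browser spawning PowerShell; triage the EncodedCommand rows first, since the encoded payload can be decoded and handed to the built-in script analysis mentioned above.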
Seamless integration and correlation between SIEM and XDR
IDC also noted that what sets Microsoft apart is its seamless correlation between SIEM and XDR, allowing insights from threat actor behavior and anomalies to flow across platforms without requiring customers to deploy both. With all this, plus powerful visualizations, KQL-based threat hunting, and deep identity threat detection, Microsoft delivers a strongly competitive, comprehensive, and adaptive security operations experience.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.