All CosmicBytez Labs articles tagged #Microsoft 365, across news, security advisories, how-to guides, and projects.
Eight settings inside the Microsoft 365 admin console that take less than two hours to configure and block 90% of the credential-based attacks targeting Canadian SMBs in 2026. If your IT person hasn't done these, here's what to ask for.
The FBI has published an advisory on Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain persistent...
The Tycoon2FA phishing-as-a-service platform has added device-code phishing to its arsenal and abuses Trustifi click-tracking URLs to bypass Microsoft 365...
A new iteration of the ConsentFix attack toolkit has surfaced on cybercriminal forums, adding automation and scaling capabilities to OAuth consent...
Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...
Comprehensive security checklist for Microsoft 365 and Entra ID tenants — Conditional Access policies, MFA enforcement, audit logging, DLP configuration,...
Harden your Microsoft 365 tenant with security baselines, conditional access policies, data loss prevention, audit logging, and compliance configurations...
Implement a comprehensive security baseline for Microsoft 365 tenants covering identity protection, email security, endpoint management, data governance,...
Secure your Exchange Online environment with mail flow rules, anti-spam policies, DMARC enforcement, admin audit controls, and mailbox permission hardening.
Configure Windows Autopilot for zero-touch device deployment. Covers hardware hash import, deployment profiles, ESP configuration, and user-driven enrollment.