Summary: Microsoft has transitioned its Microsoft Account signing service to Azure confidential VMs and is migrating the Entra ID signing service to enhance security against cyber threats. The enhancements are part of the Secure Future Initiative, which aims to bolster cybersecurity following vulnerabilities exploited by the Storm-0558 attack. Additionally, Microsoft reported significant adoption of multifactor authentication across its systems to mitigate advanced cyber threats.
Affected: Microsoft Account (MSA), Microsoft Entra ID
Keypoints :
- Microsoft has moved MSA signing service to Azure confidential virtual machines for improved security.
- 90% of identity tokens for Microsoft apps validated by a hardened identity SDK; 92% of employee accounts use phishing-resistant MFA.
- The Secure Future Initiative aims to address past vulnerabilities highlighted by the U.S. Cyber Safety Review Board following significant breaches.
- Windows Resiliency Initiative includes Quick Machine Recovery feature to automatically fix unbootable systems.
Source: https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html