Microsoft Fortifies MSA Signing with Azure Confidential VMs After Storm-0558 Hack

Microsoft Moves MSA Signing Service to Azure Confidential VMs, Strengthens Security Posture 

Microsoft has announced the migration of its Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and is currently transitioning its Entra ID signing service as well. This move is part of an ongoing effort to strengthen security following the 2023 Storm-0558 cyberattack. 

Earlier, Microsoft had updated the Entra ID and MSA services across its public and U.S. government clouds so that access token signing keys are generated, stored, and automatically rotated inside Azure Managed Hardware Security Modules (HSMs), rather than handled in software. According to Charlie Bell, EVP of Microsoft Security, these enhancements are designed to mitigate the vectors exploited in the Storm-0558 incident. 

Key security improvements include: 

  • 90% of Microsoft Entra ID tokens for Microsoft apps are now validated via a hardened identity SDK. 
  • 92% of employee productivity accounts are protected with phishing-resistant MFA. 
  • 81% of production code branches are secured with MFA and proof-of-presence checks. 
  • A pilot project is underway to move customer support workflows to a separate tenant to reduce lateral movement risks. 
  • New tenant provisioning automatically registers tenants in the security emergency response system. 

These steps are part of Microsoft’s Secure Future Initiative (SFI) — its largest cybersecurity engineering undertaking, launched in response to a U.S. Cyber Safety Review Board report that criticized Microsoft’s role in the Storm-0558 breach. 

In July 2023, Microsoft disclosed that Storm-0558 had obtained a Microsoft account (MSA) consumer signing key and used it to forge authentication tokens. A validation flaw in Microsoft's token-verification code allowed tokens signed with that consumer key to be accepted as Entra ID enterprise tokens, which the attackers used to access Exchange Online mailboxes and exfiltrate email data. 
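The two paragraphs above (the hardened identity SDK and the key-scoping flaw) come down to one verifier decision: which keyset is consulted when a token's `kid` is resolved. The example below is added here and is not Microsoft's code or the identity SDK; it uses HMAC secrets in place of the RSA keys published by the real MSA and Entra ID JWKS endpoints so that it runs offline, and the keysets, key IDs, issuer strings and audience are constructed for illustration. It contrasts a verifier that resolves `kid` against a merged cache of every known key (so an attacker-controlled `iss` claim is the only thing that "selects" the trust domain) with one that picks the keyset from the issuer the relying party trusts and only then checks `alg`, signature, `iss`, `aud` and `exp`.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed keysets. Production MSA and Entra ID keys are RSA public keys
# fetched from each service's JWKS endpoint; HMAC secrets stand in here so the
# example runs offline. The point is which keyset is consulted, not the algorithm.
CONSUMER_KEYS = {"msa-key-2023": b"constructed-consumer-signing-secret"}
ENTERPRISE_KEYS = {"aad-key-2023": b"constructed-enterprise-signing-secret"}

# Hypothetical issuer strings modelled on the public login endpoints.
CONSUMER_ISSUER = "https://login.live.com"
ENTERPRISE_ISSUER = "https://login.microsoftonline.com/contoso"

# Hardened design: an issuer may only be vouched for by its own keyset.
KEYSET_FOR_ISSUER = {
    CONSUMER_ISSUER: CONSUMER_KEYS,
    ENTERPRISE_ISSUER: ENTERPRISE_KEYS,
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, kid: str, key: bytes) -> str:
    """Produce a compact JWT (header.payload.signature) signed with `key`."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    claims = json.loads(_b64url_decode(body_b64))
    return head_b64, body_b64, header, claims, _b64url_decode(sig_b64)


def _signature_ok(head_b64: str, body_b64: str, sig: bytes, key: bytes) -> bool:
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def validate_vulnerable(token: str, expected_issuer: str):
    """Resolves `kid` against one merged cache of every key the verifier has
    ever seen. Any key that verifies the signature is trusted, so a token signed
    with the consumer key passes as long as the forger writes the enterprise
    issuer into the claims, which the forger fully controls."""
    head_b64, body_b64, header, claims, sig = _split(token)
    merged = {**CONSUMER_KEYS, **ENTERPRISE_KEYS}
    key = merged.get(header.get("kid"))
    if key is None or not _signature_ok(head_b64, body_b64, sig, key):
        return None
    if claims.get("iss") != expected_issuer:
        return None
    return claims


def validate_hardened(token: str, expected_issuer: str, expected_audience: str, now=None):
    """Selects the keyset from the issuer the relying party trusts, then checks
    alg, signature, iss, aud and exp. The token's own `iss` never chooses the key."""
    now = int(time.time()) if now is None else now
    head_b64, body_b64, header, claims, sig = _split(token)
    if header.get("alg") != "HS256":
        return None
    keyset = KEYSET_FOR_ISSUER.get(expected_issuer, {})
    key = keyset.get(header.get("kid"))
    if key is None or not _signature_ok(head_b64, body_b64, sig, key):
        return None
    if claims.get("iss") != expected_issuer or claims.get("aud") != expected_audience:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def forged_enterprise_token(now: int) -> str:
    """What a holder of the consumer key can mint: enterprise claims, consumer kid."""
    claims = {"iss": ENTERPRISE_ISSUER, "aud": "exchange-online",
              "sub": "victim@contoso.example", "exp": now + 3600}
    return mint_token(claims, "msa-key-2023", CONSUMER_KEYS["msa-key-2023"])


if __name__ == "__main__":
    now = int(time.time())
    forged = forged_enterprise_token(now)
    print("vulnerable accepts forged token:", validate_vulnerable(forged, ENTERPRISE_ISSUER) is not None)
    print("hardened accepts forged token:  ", validate_hardened(forged, ENTERPRISE_ISSUER, "exchange-online", now) is not None)
```

The design point is that key selection must be driven by configuration the relying party controls (the issuer it expects, and the keyset that issuer publishes), never by header or claim fields the token carries, since a forger writes those. Centralising that logic in one library is what a "hardened identity SDK" buys: every app gets the same keyset binding, audience check and expiry check instead of each re-implementing them.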

Additionally, Microsoft introduced the Windows Resiliency Initiative, featuring tools like Quick Machine Recovery. This feature, embedded in the Windows Recovery Environment (WinRE), allows automatic system repair even when a device fails to boot, reducing the impact of outages such as the boot failures caused by the faulty CrowdStrike sensor update in July 2024. 
