https://modernworkweekly.com/Recent content on Modern Work WeeklyHugoen-usTue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-06-09/Tue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-06-09/The Week at a Glance 🔴 High — Exchange Server OWA Vulnerability (CVE-2026-42897): Organizations running Exchange Server 2016, 2019, or Subscription Edition on-premises face an active cross-site scripting vulnerability that can execute malicious code when a user simply opens a crafted email in a browser. Patching or applying Microsoft’s mitigation is urgent. 🔴 High — Teams Live Events Retire June 30, 2026: Any organization still scheduling large-scale broadcasts using Teams Live Events must act within weeks.https://modernworkweekly.com/posts/2026-06-09/Tue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-09/Top 5 This Week CVE-2026-42897 — Exchange Server OWA XSS (Active Vulnerability): All on-prem Exchange 2016, 2019, and SE versions are affected by an XSS flaw exploitable via a crafted email opened in OWA. Exchange Online is unaffected. Patch or mitigate immediately — no excuse to wait on this one. Teams Live Events retirement — June 30, 2026: Scheduling closes in three weeks. Any live events already on the calendar will run through February 28, 2027, but nothing new can be created after the deadline.https://modernworkweekly.com/exec/2026-06-02/Tue, 02 Jun 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-06-02/The Week at a Glance 🔴 High — Exchange Server OWA vulnerability (CVE-2026-42897) requires immediate patching. Any organization still running Exchange Server 2016, 2019, or Subscription Edition on-premises is exposed to a remote JavaScript execution attack delivered by email. Exchange Online customers are not affected, but hybrid environments must act now. 🔴 High — Secure Boot certificates begin expiring in June. Windows devices that have not been updated for the new certificate chain may fail to boot or be blocked from updates.https://modernworkweekly.com/posts/2026-06-02/Tue, 02 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-02/Top 5 This Week CVE-2026-42897 — Patch Exchange Server on-prem now. An XSS vulnerability in OWA allows arbitrary JavaScript execution when a user opens a crafted email. Exchange 2016, 2019, and SE are all affected. Exchange Online is not. If you’re still running on-prem Exchange, this is a drop-everything patch. Teams Live Events retires June 30, 2026. No new events can be scheduled after June 30. Events already on the calendar are honored through February 28, 2027.https://modernworkweekly.com/exec/2026-05-26/Tue, 26 May 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-05-26/The Week at a Glance 🔴 High — Stolen credentials, no malware needed. Microsoft’s own threat intelligence this week documented how attackers turned a single compromised identity into a cloud-wide data breach — no malicious software required. Organizations without strong multi-factor authentication controls are directly in scope. 🔴 High — SAP SuccessFactors integration must be re-secured before November 2026. SAP is retiring the older username/password authentication method for its HR APIs.https://modernworkweekly.com/posts/2026-05-26/Tue, 26 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-26/Top 5 This Week Entra Connect Sync → Cloud Sync migration signal is live. Microsoft has formally announced the transition away from Entra Connect Sync toward cloud-native Entra Cloud Sync. This isn’t a hard cutoff yet, but the directional signal is clear — start your assessment now before it becomes a forced migration with a tight deadline. Entra Agent ID is GA. AI agents in your enterprise now have a first-class identity framework built on OAuth 2.https://modernworkweekly.com/exec/2026-05-19/Tue, 19 May 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-05-19/The Week at a Glance 🔴 Storm-2949 cloud breach — no malware required. A threat actor used stolen credentials, patient reconnaissance, and legitimate cloud tooling to exfiltrate data across an entire Microsoft 365 tenant. Your Conditional Access policies and privileged access controls are your primary defense. Audit them this week. 🔴 “Dirty Frag” Linux privilege escalation — actively exploited. A kernel-level vulnerability is being used in the wild. Any Linux system reachable by a low-privilege account, SSH, or web shell is at risk of full compromise.https://modernworkweekly.com/posts/2026-05-19/Tue, 19 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-19/Top 5 This Week Storm-2949 cloud breach anatomy — read this now. No malware, no novel exploits. Stolen credentials plus patient attacker plus trusted tooling equalled cloud-wide data exfiltration. Microsoft’s full TTP breakdown is required reading. Then go audit your Conditional Access policies, PIM assignments, OAuth app consents, and UEBA alerting. Dirty Frag Linux LPE — actively exploited. Local privilege escalation in Linux kernel networking components (esp4, esp6, rxrpc) is seeing in-the-wild exploitation.https://modernworkweekly.com/exec/2026-05-17/Sun, 17 May 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-05-17/The Week at a Glance 🔴 High — Identity sync breaks June 1: Any automated process that creates or links user accounts tied to privileged administrator roles will silently fail after June 1. Provisioning pipelines need to be audited and fixed before the deadline. 🔴 High — App access failures June 15: Security policy changes take effect June 15 that will break access to business applications for users in tenants with certain security policy exceptions.https://modernworkweekly.com/posts/2026-05-17/Sun, 17 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-17/Top 5 Hotpatch now default for all eligible Windows devices — GA, May 2026 Windows security update. Opt-out available at tenant level or per quality update policy. Review your rings before it hits. Entra hard-match restriction for role-holding accounts — Action required before June 1. AD → cloud sync will be blocked for objects targeting Entra role-assigned accounts. Agent 365: Shadow AI page + Intune endpoint controls for local agents — Preview.https://modernworkweekly.com/posts/2026-05-10/Sun, 10 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-10/Modern Work Weekly is a weekly digest built specifically for Modern Work Engineers — the people responsible for designing, deploying, and maintaining Microsoft 365 environments. Not IT generalists. Not executives. Engineers. What this is Every week, Microsoft publishes changes across a sprawling set of portals — Intune, Entra, Defender, Purview, the M365 Roadmap, and more. Most of it goes unread. Some of it has deadlines. A few items will quietly break something in your environment if you miss them.https://modernworkweekly.com/deadlines/Mon, 01 Jan 0001 00:00:00 +0000https://modernworkweekly.com/deadlines/