https://modernworkweekly.com/tags/zero-trust/Recent content in Zero-Trust on Modern Work WeeklyHugoen-usTue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-09/Tue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-09/Top 5 This Week CVE-2026-42897 — Exchange Server OWA XSS (Active Vulnerability): All on-prem Exchange 2016, 2019, and SE versions are affected by an XSS flaw exploitable via a crafted email opened in OWA. Exchange Online is unaffected. Patch or mitigate immediately — no excuse to wait on this one. Teams Live Events retirement — June 30, 2026: Scheduling closes in three weeks. Any live events already on the calendar will run through February 28, 2027, but nothing new can be created after the deadline.https://modernworkweekly.com/posts/2026-06-02/Tue, 02 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-02/Top 5 This Week CVE-2026-42897 — Patch Exchange Server on-prem now. An XSS vulnerability in OWA allows arbitrary JavaScript execution when a user opens a crafted email. Exchange 2016, 2019, and SE are all affected. Exchange Online is not. If you’re still running on-prem Exchange, this is a drop-everything patch. Teams Live Events retires June 30, 2026. No new events can be scheduled after June 30. Events already on the calendar are honored through February 28, 2027.https://modernworkweekly.com/posts/2026-05-26/Tue, 26 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-26/Top 5 This Week Entra Connect Sync → Cloud Sync migration signal is live. Microsoft has formally announced the transition away from Entra Connect Sync toward cloud-native Entra Cloud Sync. This isn’t a hard cutoff yet, but the directional signal is clear — start your assessment now before it becomes a forced migration with a tight deadline. Entra Agent ID is GA. AI agents in your enterprise now have a first-class identity framework built on OAuth 2.https://modernworkweekly.com/exec/2026-05-19/Tue, 19 May 2026 00:00:00 +0000https://modernworkweekly.com/exec/2026-05-19/The Week at a Glance 🔴 Storm-2949 cloud breach — no malware required. A threat actor used stolen credentials, patient reconnaissance, and legitimate cloud tooling to exfiltrate data across an entire Microsoft 365 tenant. Your Conditional Access policies and privileged access controls are your primary defense. Audit them this week. 🔴 “Dirty Frag” Linux privilege escalation — actively exploited. A kernel-level vulnerability is being used in the wild. Any Linux system reachable by a low-privilege account, SSH, or web shell is at risk of full compromise.https://modernworkweekly.com/posts/2026-05-19/Tue, 19 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-19/Top 5 This Week Storm-2949 cloud breach anatomy — read this now. No malware, no novel exploits. Stolen credentials plus patient attacker plus trusted tooling equalled cloud-wide data exfiltration. Microsoft’s full TTP breakdown is required reading. Then go audit your Conditional Access policies, PIM assignments, OAuth app consents, and UEBA alerting. Dirty Frag Linux LPE — actively exploited. Local privilege escalation in Linux kernel networking components (esp4, esp6, rxrpc) is seeing in-the-wild exploitation.https://modernworkweekly.com/posts/2026-05-17/Sun, 17 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-17/Top 5 Hotpatch now default for all eligible Windows devices — GA, May 2026 Windows security update. Opt-out available at tenant level or per quality update policy. Review your rings before it hits. Entra hard-match restriction for role-holding accounts — Action required before June 1. AD → cloud sync will be blocked for objects targeting Entra role-assigned accounts. Agent 365: Shadow AI page + Intune endpoint controls for local agents — Preview.https://modernworkweekly.com/posts/2026-05-10/Sun, 10 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-10/Modern Work Weekly is a weekly digest built specifically for Modern Work Engineers — the people responsible for designing, deploying, and maintaining Microsoft 365 environments. Not IT generalists. Not executives. Engineers. What this is Every week, Microsoft publishes changes across a sprawling set of portals — Intune, Entra, Defender, Purview, the M365 Roadmap, and more. Most of it goes unread. Some of it has deadlines. A few items will quietly break something in your environment if you miss them.