Microsoft Sentinel Expands Visibility Capabilities in February Update

Microsoft has released its February 2026 updates for Microsoft Sentinel, introducing new capabilities aimed at improving detection coverage, investigation workflows and AI-driven security operations. The update includes enhancements to analytics rules, expanded data connector support and deeper integration with Microsoft Security Copilot, reinforcing Sentinel’s positioning as an AI-augmented SIEM and SOAR platform. Included in the announcement of updates are out-of-the-box connectors and solutions for a variety of programs, an MS 365 Copilot data connector, codeless connector frameworks (CCF), multiple tenant central management and distribution, enhanced UEBA essential solutions and partner-built Security Copilot agents in Microsoft Security Store. Additionally, enhanced reports in Threat Intelligence Briefing Agent, Purview Data Security Investigations and an extended deadline to migrate Azure to Defender until March 2027 were also announced.

Posted by Redmondmag.com Editors on 02/11/2026


Microsoft Announces GA of Data Lake Tier Ingestion for Advanced Hunting Tables

Microsoft has announced the general availability of data lake tier ingestion for Microsoft Advanced Hunting Tables in the Microsoft Sentinel data lake. The update allows organizations to route select Defender data directly into Sentinel’s data lake tier, enabling lower-cost storage and extended retention while preserving query capabilities for investigation and threat hunting. The feature is designed to help customers manage growing security data volumes more efficiently without sacrificing visibility. With the release of Advanced Hunting, data can be ingested from Microsoft Defender for Endpoint, Office 365 and Cloud Apps directly into Sentinel data lake. This offers users high-volume storage, extended security analytics, query and integrated data and visual threat landscapes.

Posted by Redmondmag.com Editors on 02/11/2026


Microsoft Warns Harmful Prompt Attacks Can Undermine LLM Safety Controls

Microsoft has published new research showing how prompt-based attacks can bypass safety controls in large language models, highlighting a growing risk as generative AI is adopted at scale. The analysis explains how carefully crafted inputs can manipulate model behavior, override guardrails, or extract restricted information, even when models are deployed with built-in safety mechanisms. These techniques demonstrate that prompt attacks are not theoretical, but practical threats that organizations must account for. According to the research, Group Relative Policy Optimization (GRPO), a method used to make models helpful and safe, has also been found to have an adverse effect when the same technique is applied in the opposite direction, an approach called GRP-Obliteration. The model's behavior can change with just a single unlabeled prompt to flip safety-tuned prompts into obliterated ones.

Posted by Redmondmag.com Editors on 02/09/2026


Microsoft Makes Agents in OneDrive Generally Available for Enterprise File Workflows

Microsoft has announced the general availability of Agents in OneDrive, bringing built-in assistants that work directly with an organization’s own files. The agents are designed to help users search, summarize, analyze and act on content stored in OneDrive without leaving the file experience. The capability allows teams to apply AI to everyday document workflows while respecting existing permissions, security controls and data boundaries. This feature is particularly useful for seamless project coordination, knowledge transfer, research and synthesis, and meeting prep with follow-up. Its coordination history, central shared space and updates as documents are being worked on make it useful for efficient and optimal enterprise file workflows.

Posted by Redmondmag.com Editors on 02/04/2026


Microsoft Previews Copilot Data Connector for Sentinel to Strengthen AI-Aware Security Monitoring

Microsoft has announced the public preview of the Microsoft Copilot data connector for Microsoft Sentinel, giving security teams visibility into Copilot-related activity within their security operations workflows. The connector enables organizations to ingest telemetry from Microsoft Copilot into Sentinel, allowing SOC teams to monitor usage, investigate suspicious behavior and correlate Copilot activity with other security signals across the environment. The goal is to help customers manage AI adoption more securely as Copilot becomes embedded in daily work. The connector allows logs to be viewed via Purview Unified Audit Log (UAL), eliminating the need to view activities through the Purview Portal. Office 365 Management APIs supported as part of this connector are listed here.

Posted by Redmondmag.com Editors on 02/04/2026


Microsoft Outlines Path to Enforce TLS 1.2 for Azure Blob Storage

Microsoft has published updated guidance to help customers configure and migrate Azure Blob Storage workloads to use Transport Layer Security (TLS) 1.2, as older TLS versions have been phased out. The guidance walks administrators through identifying clients and applications that still rely on TLS 1.0 or 1.1, updating configurations and validating compatibility before enforcement. The goal is to reduce disruption while strengthening the security baseline for data in transit. The updated version (TLS 1.2 and above) is more secure, faster and supports modern cryptographic algorithms and cipher suites.

Posted by Redmondmag.com Editors on 02/03/2026


Microsoft Copilot Search Adds Source-Specific Filters for More Targeted Results

Microsoft has announced the general availability of source-specific filters in Microsoft Copilot Search, giving users more control over how search results are generated and displayed across Microsoft 365. The new capability allows users to filter Copilot search responses by content source, such as SharePoint, OneDrive, Outlook or other connected data repositories, making it easier to find relevant information without sifting through mixed results. The update is designed to improve accuracy, trust and efficiency as Copilot becomes more deeply embedded in daily work. The source-specific filters deliver connector-aware, zero-setup filtering directly into Copilot Search as a key step towards a productivity-first search experience. Queries can also be refined using Area Path and Assigned To filters, making results more efficient and contextually relevant with instantly applied filters.

Posted by Redmondmag.com Editors on 01/29/2026


Microsoft Makes RDP Shortpath Configuration Generally Available Through GPO and Intune

Microsoft has announced the general availability of Remote Desktop Protocol (RDP) Shortpath configuration through Group Policy Objects (GPO) and Microsoft Intune, giving IT teams more centralized control over how the feature is deployed and managed. RDP Shortpath enables multiple optimized UDP-based connections between clients and session hosts, reducing latency and improving reliability compared with traditional TCP-based connections. With GA support in GPO and Intune, administrators can now enable and configure the feature at scale without custom scripting or manual setup. The release enables admins to gain predictable, enforced behaviour across managed devices and to centrally govern Shortpath modes, and ensures that admins no longer need per-host manual configuration.

Posted by Redmondmag.com Editors on 01/29/2026


Microsoft Integrates Apache Kafka with Azure Cosmos DB on Confluent Cloud

Confluent has announced the general availability of the V2 Kafka connector for Azure Cosmos DB, aimed at simplifying how organizations build and operate real-time, event-driven data pipelines on Azure. The integration allows Kafka producers and consumers to stream data directly into Cosmos DB without custom connectors or intermediary services, enabling faster ingestion and processing of high-velocity event data. The capability offers higher throughput, stronger security and increased readability. Users can create a Confluent Cosmos DB (V2) Kafka Connector from within the Azure portal.

Posted by Redmondmag.com Editors on 01/21/2026


Microsoft Introduces DRPP to Simplify IOCTL and WMI Driver Testing

Microsoft has announced the Device IOCTL/WMI Record and Playback Platform (DRPP), a new extension to the WDTF platform that helps developers more easily test and discover driver errors. DRPP, which ships as part of the WDK, allows driver developers to record IOCTL and Windows Management Instrumentation (WMI) interactions from real systems and replay them later in controlled test environments. The approach is intended to reduce the effort required to reproduce bugs, validate fixes and test driver behavior across hardware and configuration variations.

Posted by Redmondmag.com Editors on 01/21/2026


Microsoft to Deprecate SQL Server SSRS, PBIRS and SSAS Management Packs for SCOM

Microsoft has announced the deprecation of the SQL Server Reporting Services (SSRS), Power BI Report Server (PBIRS) and SQL Server Analysis Services (SSAS) management packs for System Center Operations Manager (SCOM). The management packs will no longer receive updates or support after January 2027, encouraging customers to transition to newer monitoring approaches. Existing deployments will continue to function, but no enhancements or fixes are planned.
The decision reflects Microsoft’s broader move away from on-premises, tightly coupled monitoring extensions in favor of cloud-based and platform-native observability solutions. As SQL Server environments increasingly span on-prem, hybrid, and cloud deployments, tools such as Azure Monitor, Azure Arc and Log Analytics are more central to operational monitoring strategies.

Posted by Redmondmag.com Editors on 01/21/2026


Microsoft Advances SQL Server 2025 with Broader Linux Support and First Cumulative Update

Microsoft has taken two steps to mature SQL Server 2025 for enterprise deployment, announcing general availability on Red Hat Enterprise Linux 10 and Ubuntu 24.04, starting with the release of Cumulative Update 1 for the RTM build. Expanded Linux support gives organizations more flexibility to run SQL Server 2025 with robust compatibility, enhanced security and optimal performance for workloads. At the same time, CU1 delivers a collection of fixes and refinements based on early customer feedback, addressing reliability, performance and security issues. Microsoft positions the update as part of its regular servicing cadence, reinforcing that SQL Server 2025 is ready for production workloads across both Windows and Linux environments.

Posted by Redmondmag.com Editors on 01/16/2026

