Microsoft Bolsters Cloud Security to Thwart Account Hijacking Threats
Cybersecurity Dive
|
Contributed by: Kate Gamble
Summary
Microsoft is enhancing the security of its Entra ID cloud identity management platform to mitigate account hijacking risks, with a new measure that prevents scripts from executing during the login process unless they originate from trusted Microsoft domains. This initiative, part of the broader Secure Future Initiative, addresses vulnerabilities exposed by recent cyberattacks, particularly cross-site scripting (XSS) risks. While this update will modify the Content Security Policy (CSP) header, it does not affect Entra External ID used in non-web applications. Healthcare professionals should take note of these changes and test their sign-in processes in advance to ensure secure access and protect sensitive health data.
