Microsoft Entra ID and Entra Connect mitigation for Storm-0501
Advisory/Mitigation
Summary
Microsoft issued Entra ID and Entra Connect 2.5.3.0 mitigations to reduce Storm-0501's credential extraction and privilege-escalation path in hybrid cloud tenants. The changes block abuse of Directory Synchronization Accounts and add Modern Authentication support for application-based authentication. Microsoft also directed customers to enable TPM on the Entra Connect Sync server to protect sensitive credentials and cryptographic keys. These steps harden organizations using Entra Connect against the attack chain Storm-0501 used to move from on-premises access into cloud identities.
Related Happenings
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/Service
First: 05.03.2026 00:34
Last: 05.03.2026 00:34
Sources 1
About this happening:
**Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Microsoft hardens Microsoft 365 and Office 2024 by disabling ActiveX and blocking legacy-auth access
Defensive Guidance
First: 11.12.2025 18:00
Last: 11.12.2025 18:00
Sources 1
About this happening:
Microsoft hardened **Microsoft 365** and **Office 2024** by disabling **all ActiveX controls** and tightening defaults to block **legacy authentication** access to **SharePoint**,...
Microsoft Entra ID hardens browser sign-ins with stricter Content Security Policy
Security Tool/Service
First: 26.11.2025 15:26
Last: 26.11.2025 15:26
Sources 1
About this happening:
Microsoft is tightening **Entra ID** browser sign-ins with a stronger **Content Security Policy**, reducing the risk of **script injection** and **XSS-style credential theft** dur...
Cloud identity weakness is driving a surge in cloud attacks
Target Trend
First: 04.11.2025 15:00
Last: 04.11.2025 15:00
Sources 1
About this happening:
**Identity-related weakness** is now a major driver of **cloud attacks**, raising compromise risk across organizations with large identity footprints. In **Q3 2025**, **44%** of t...
HP OneAgent update breaks Microsoft Entra ID authentication on HP AI PCs
Service Disruption
First: 24.10.2025 00:50
Last: 24.10.2025 00:50
Sources 1
About this happening:
A faulty **HP OneAgent** update disrupted **Microsoft Entra ID** authentication on some **HP AI PCs**, leaving affected organizations unable to log in and cutting devices off from...
Timeline
- 27.08.2025 22:04 · 1 article
Microsoft issues Entra ID and Entra Connect mitigations for Storm-0501
Mitigation Patch Update
Microsoft changed Microsoft Entra ID to prevent abuse of Directory Synchronization Accounts for privilege escalation, released Microsoft Entra Connect version 2.5.3.0 with Modern Authentication support for application-based authentication, and advised enabling TPM on the Entra Connect Sync server to protect sensitive credentials and cryptographic keys against Storm-0501 credential extraction techniques.
- Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks — thehackernews.com — 27.08.2025 22:04