Microsoft 365 MX spoofing mitigation guidance
Advisory/Mitigation
Summary
Microsoft issued mitigation guidance for Microsoft 365 tenants exposed to MX spoofing, because misconfigured mail routing can make phishing emails look internal and raise account compromise risk. The company told organizations to point MX records directly to Office 365, apply strict DMARC, and verify any third-party services tied to MX routing. Microsoft also recommended phishing-resistant MFA for privileged roles in Microsoft Entra ID. The guidance applies to tenants with custom routing not pointed to Office 365 and is meant to reduce credential theft, BEC, and fraud.
Related Happenings
Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)
Vulnerability
First: 15.05.2026 09:19
Last: 15.05.2026 09:19
Sources 1
About this happening:
**CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/Service
First: 28.04.2026 16:18
Last: 28.04.2026 16:18
Sources 1
About this happening:
**Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025
Target Trend
First: 13.04.2026 18:00
Last: 13.04.2026 18:00
Sources 1
About this happening:
In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Phishing-resistant authentication to block post-breach credential abuse and relay attacks
Defensive Guidance
First: 09.04.2026 17:02
Last: 09.04.2026 17:02
Sources 1
About this happening:
**Phishing-resistant authentication** is being emphasized as the control that can stop post-breach account takeover when exposed email records fuel **credential stuffing**, **AiTM...
Timeline
- 08.01.2026 16:01 · 2 articles · 4mo ago
Microsoft issues MX spoofing mitigation guidance for Microsoft 365 tenants
Mitigation Patch Update
Microsoft advised Microsoft 365 tenants with custom email routing to point MX records directly to Office 365, apply strict DMARC, verify any third-party services linked to MX, and enforce phishing-resistant MFA for privileged roles in Microsoft Entra ID to reduce internal-looking phishing and account compromise risk.
Sources:
- Phishing Attacks Exploit Misconfigured Email Routing Settings to Target Microsoft 365 Users — www.infosecurity-magazine.com — 08.01.2026 16:01