![]()
Security
- Defending the Inbox Against Prompt Injection Attacks
Microsoft is adding prompt-injection protection to Defender for Office 365, targeting attacks that try to hijack AI assistants through poisoned email content. As clients switch on Copilot and email-reading agents, the inbox becomes an attack surface for the AI, not just the human. Still early, but worth understanding now so you’ve got an answer when a client asks.
https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/defending-the-inbox-against-prompt-injection-attacks/4534636 - GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
Microsoft’s threat researchers break down GigaWiper, a destructive backdoor stitched together from several malware families. Wipers don’t steal — they destroy — so this is a good reminder that tested, offline backups are the last line of defence for SMB clients. Read it to understand the tactics before you’re explaining them to a customer mid-incident.
https://www.microsoft.com/en-us/security/blog/2026/07/09/gigawiper-anatomy-of-a-destructive-backdoor-assembled-from-multiple-malware/ - Protecting Microsoft at AI speed: How SFI proactively hardens our cloud
Microsoft walks through how its Secure Future Initiative is hardening its own cloud proactively rather than reactively. Not much you action directly, but it’s useful reference material for the “is Microsoft actually secure?” conversation with nervous SMB owners. Nothing groundbreaking, but decent ammunition for trust discussions.
https://www.microsoft.com/en-us/security/blog/2026/07/08/protecting-microsoft-at-ai-speed-how-sfi-proactively-hardens-our-cloud/ - 5 insights from Frost & Sullivan’s 2025 Frost Radar for Cloud Security Posture Management
Microsoft’s been recognised in Frost & Sullivan’s latest Frost Radar for Cloud Security Posture Management. The takeaway for MSPs isn’t the ranking — it’s that CSPM is now table stakes for anyone running client workloads across cloud. Worth a look if you’re still treating posture management as a nice-to-have.
https://www.microsoft.com/en-us/security/blog/2026/07/06/5-insights-from-frost-sullivans-2025-frost-radar-for-cloud-security-posture-management/
Microsoft 365 & Windows
- Cross-Tenant Message Recall in Exchange Online
Exchange Online is gaining cross-tenant message recall, letting senders pull back emails delivered to recipients in other tenants. For MSPs juggling multiple client tenants and the occasional reply-all disaster, this is genuinely useful damage control. Good reminder to confirm it’s supported before you promise a client you can un-send something.
https://techcommunity.microsoft.com/blog/exchange/cross-tenant-message-recall-in-exchange-online/4535800 - Admins: Migrating user data during mergers and restructurings just got easier
Microsoft has streamlined migrating user data during mergers and restructurings — exactly the work MSPs get dragged into. If you handle M&A or org changes for clients, this could save real hours on mailbox and data moves. Worth a look before your next tenant consolidation.
https://techcommunity.microsoft.com/blog/microsoft365insiderblog/admins-migrating-user-data-during-mergers-and-restructurings-just-got-easier/4530703
Cloud & AI
- What’s new in Agent 365 – June 2026
Microsoft’s monthly rundown of what’s changed in Agent 365, its platform for managing AI agents across the org. As clients spin up more agents, someone has to govern, secure and inventory them — and that someone is usually the MSP. Worth tracking so agent sprawl doesn’t blindside you later.
https://techcommunity.microsoft.com/blog/agent-365-blog/whats-new-in-agent-365-%E2%80%93-june-2026/4535107 - Available today: OpenAI’s GPT-5.6 in Microsoft 365 Copilot
OpenAI’s GPT-5.6 is now live inside Microsoft 365 Copilot. For clients already paying for Copilot, this is a free capability bump — nothing to deploy, but a good excuse to check in and show them what’s improved. Handy to know when they ask which model they’re actually running.
https://techcommunity.microsoft.com/blog/microsoft365copilotblog/available-today-openai%E2%80%99s-gpt-5-6-in-microsoft-365-copilot/4533152 - Built for Business: How Microsoft 365 Copilot Connects the Tools That Power Your Business
Microsoft is pushing how M365 Copilot connects to the other tools clients actually run — CRM, finance, line-of-business apps — through connectors. This is where Copilot starts earning its keep for SMBs beyond summarising emails. Worth a look if you’re trying to justify the Copilot spend to a sceptical client.
https://techcommunity.microsoft.com/blog/microsoft_365blog/built-for-business-how-microsoft-365-copilot-connects-the-tools-that-power-your-/4534980 - How Commonwealth Bank and Microsoft are reimagining the future of customer service
A customer story on how CommBank is using Microsoft AI to rework customer service at scale. Enterprise-sized and not directly SMB-relevant, but the patterns — AI triage, agent-assisted support — are exactly what smaller clients will ask you to replicate on a budget. Good reminder of where the puck is heading.
https://news.microsoft.com/source/asia/features/how-commonwealth-bank-and-microsoft-are-reimagining-the-future-of-customer-service
As always, the challenge isn’t finding information — it’s focusing on what actually matters.
After hours
Half Life web port – https://hl2.slqnt.dev/
Editorial
If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.
If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.
Watch out for the next CIA Brief next week