Microsoft this week has announced a new wave of security measures for its Windows 365 Cloud PC service, with the goal being to increase protection within its enterprise cloud environments.

The updates, which will begin rolling out in the second half of 2025, will introduce default restrictions on file and device redirections, while also enabling virtualisation-based security (VBS) features on supported systems.

These changes are set to be a part of Microsoft’s broader Secure Future Initiative, which focuses on hardening systems against new threats through proactive and built-in protections.

Redirection Restrictions to Minimise Risk

One of the most notable updates is Microsoft’s decision to disable certain redirection features by default.

Newly provisioned or reprovisioned Cloud PCs will now block clipboard, drive, USB, and printer redirections.

This restriction is designed to prevent data theft by hackers and malware, and limit the vulnerabilities and potential entry points between local devices and the cloud environment.

Microsoft said, “Accessing a file will disable the clipboard, making it impossible to copy files between the Cloud PC and physical devices.” This update, while predominantly introduced for security purposes, could also cause workflow limitations for users accustomed to easy file transfers.

Not all devices will be affected.

Hardware accessories such as mice, keyboards, and webcams, all classified under high-level redirection, will continue to function as they always have. Moreover, shared-use systems such as Windows 365 Frontline Cloud PCs, will keep their existing policies.

Virtualisation-Based Security Now Enabled by Default

Alongside the new redirection controls, Microsoft has also activated a suite of VBS features across Windows 11-based Cloud PCs. These include:

• Credential Guard – To protect user credentials by isolating them from the rest of the system.
• HVCI (Hypervisor-Protected Code Integrity) – To ensure that only trusted code runs at the kernel level (the highest level of access).
• Virtual Secure Mode – Which uses hardware-level virtualisation to create isolated memory spaces for critical operations.

These features already began rolling out in May 2025 and are designed to defend against sophisticated threats such as credential theft and kernel-level exploits.

Administrative Control and Implementation Timeline

While the changes will be enforced by default, administrators will still be able to manually reenable redirection functionality using Microsoft Intune or Group Policy Objects (GPO), if business needs require it. This will give IT teams flexibility while still maintaining Microsoft’s secure-by-default stance.

Aligning with the Secure Future Initiative

These latest updates are a part of Microsoft’s ongoing efforts to deliver more secure, cloud-native computing experiences.

Windows 365 Cloud PCs have already proven to be helpful for businesses wanting to manage remote endpoints, and these latest security defaults simply show that these platforms are a great solution for hybrid workforces.

*

Your cybersecurity is the most important digital shield between you and those who would love to help themselves to your data. At 24/7 IT Services, we help our clients regain control and confidence in their IT by providing excellent IT Security Solutions, Managed IT Support, Cloud Computing and more. If you need an IT partner, contact us today.

The post Microsoft Bolsters Cloud PC Defences with Default Security Restrictions and Virtualisation Features appeared first on 247 IT Services.

In its latest attempt to keep users safe, Microsoft has announced that it is introducing an important security update for its popular email platforms, Outlook Web and the new Outlook for Windows.

Starting in July 2025, users will no longer be able to open or download .library-ms and .search-ms attachments by default, as the company is set to expand its list of blocked file types to fight the multitude of new and increasingly sophisticated cyber threats.

The update was announced on the Microsoft 365 Message Center on Monday.

Microsoft explained the reasoning behind this update, stating, “As part of our ongoing efforts to enhance security in Outlook Web and the New Outlook for Windows, we’re updating the default list of blocked file types in OwaMailboxPolicy.”

IT administrators are being urged to do the following before the rollout:

• Review existing mail workflows for reliance on .library-ms and .search-ms attachments.
• Pre-emptively adjust the AllowedFileTypes policy if necessary.
• Consult Microsoft’s documentation for the full list of blocked file types and guidance on secure attachment handling via OneDrive or SharePoint.

Focusing on the Threat Vectors Abused in Active Campaigns

The decision to block these particular file types stems from the recent uptick in unrelenting threat activity AKA cyber-attacks.

Windows Library files, which serve as virtual collections of folders and files, were reportedly weaponised in early 2025 in phishing attacks exploiting CVE-2025-24054, a vulnerability that enabled the leak of NTLM authentication hashes.

These attacks specifically targeted government entities and corporate environments.

Along the same vein, the .search-ms URI protocol handler has also been used in phishing and malware attacks that could automatically open Windows Search windows. This chain of exploits has given attackers the power to trick users into executing malicious code by convincing them that they are using legitimate search prompts.

Minimal Operational Disruption is Anticipated

The attachment update is not likely to cause any issues for businesses.

Microsoft has said that since these file types are rarely used in regular business operations, the upcoming change is highly unlikely to have a negative impact for most organisations.

Nevertheless, companies whose workflows do rely on these formats should proactively adjust their OWA Mailbox Policy settings by adding the file types to their AllowedFileTypes list ahead of the rollout of this July update.

Part of a Broader Strategy Against File-Based Exploits

The move to block default attachment downloads is just one part of Microsoft’s broader initiative to reduce the possibility of attacks within its productivity and operating system ecosystems.

In the past several years, the company has gone about deprecating or even completely disabling legacy features that have long been used by hackers and other entities wishing to steal data or cause shutdowns.

Some of the features that have undergone changes includes the default blocking of Office VBA macros, the disabling of Excel 4.0 (XLM) macros, and the planned deprecation of VBScript and ActiveX controls in Microsoft 365 and Office 2024.

By tightening the reins on file attachment types, Microsoft is continuing to reinforce its layered defence approach of protecting users not only through endpoint detection, but by closing off exploit loop holes before they can be triggered.

*

There’s never been a more important time to rethink and enhance your cybersecurity strategy. With the help of 24/7 IT Services, you can get expert IT Security Solutions, Managed IT Support, and more, to keep your company functioning smoothly. Contact us today for more information.

The post Outlook to Block 2 Risky Email Attachments in Security Overhaul appeared first on 247 IT Services.

Can you ever have enough reliable tools to back up your business data?

In November 2024, Microsoft introduced Windows Backup for Organisations during the Ignite conference, a backup solution specifically made for enterprise environments.

The tool is designed to streamline the backup and restoration of Windows settings after device resets, and it is now available in limited public preview.

This new tool is particularly relevant as organisations around the world prepare for the widespread adoption of Windows 11.

The aim of this process is to reduce the administrative burden associated with large-scale upgrades, to minimise disruptions to users, and to improve device resilience against operational incidents.

Availability and Requirements

At the moment, the Windows Backup for Organisations only supports Microsoft Entra joined devices running Windows 10 or Windows 11.

Companies that are interested in testing the tool during the public preview phase will need to sign up using a dedicated form and have an active Microsoft Intune test tenant alongside Microsoft Intune service administrator permissions to use the feature.

Microsoft is encouraging its customers to trial the backup tool during this limited preview, but has said that this is an ongoing development and further enhancements are in the works to ensure that organisations remain prepared for future challenges.

Extended Security Updates and Upgrade Considerations

With Windows 10’s end of service scheduled for 14 October 2025, Microsoft is putting pressure on companies unable to complete their upgrade to Windows 11 to enrol their Windows 10 endpoints in the Extended Security Updates (ESU) programme.

This programme will ensure that these companies will continue to receive security updates after the official end-of-life date.

A New Update Orchestration Platform

Along with the backup tool announcement, Microsoft has also introduced a new update orchestration platform built on the Windows Update stack.

This platform is going to be used to unify the updating process across all applications, drivers, and system components on Windows devices. The hope is to simplify maintenance and improve the overall update reliability.

Other Backup Options Available to UK Businesses

UK businesses have access to a range of backup solutions aside from Microsoft’s tools.

Third-party providers such as Veeam, Acronis, and Veritas can give you a comprehensive backup and disaster recovery service that you can customise according to your needs. These solutions often provide multi-cloud support, advanced encryption, and granular recovery options.

And Microsoft’s own Azure Backup service remains a popular choice, with its scalable cloud-based backup with integration into existing Microsoft ecosystems being rather reliable.

Businesses are always advised to evaluate their backup tools based on factors such as compliance requirements, data sovereignty, and integration capabilities to ensure that they have reliable data protection strategies in place.

*

You can never be too careful with your data backups, and having more than one in use is always the best way to play it safe. At 24/7 IT Services, we can assist you with services like Cloud Computing, Business Continuity and IT Security. Contact us today for more information.

The post Microsoft introduces new Windows backup tool for businesses appeared first on 247 IT Services.

This week Microsoft is turning 50. In April 1975, two childhood friends, Bill Gates and Paul Allen, launched a small software company in a strip mall in Albuquerque, New Mexico.

What began as an ambitious startup has since become one of, if not  the most, influential companies in living memory.

Now, half a century later, Microsoft is the second-largest company in the world, trailing only behind Apple, and it is only becoming stronger as the company continues to go down new and more exciting paths.

The Leader in Operating Systems and Office Software

Microsoft’s first major breakthrough came with the development of MS-DOS, which turned into what we know as the Windows operating system, a system now used in millions of devices worldwide.

Alongside its OS dominance, Microsoft became the go to company for office productivity software. Microsoft Office, once sold on floppy disks and CDs, is now available via Cloud Computing, which has further ensured its supremacy despite having free competitors like Google Docs.

Businesses across the UK and globally still rely fully on Microsoft Office products such as Word, Excel, and Outlook for daily operations, which just goes to show the company’s early innovations still hold their ground.

Unafraid to Try New Things

Over the decades, Microsoft has attempted to add more products and services outside of its software and operating systems, but only enjoyed varying degrees of success.

The company entered the gaming industry in 2001 with the Xbox, which has remained a formidable competitor to Sony’s PlayStation despite trailing in market share. Microsoft also ventured into search engines with Bing in 2009, though it could not compete with Google and Bing remains a mostly unused search engine. One of its more successful expansions, however, was its acquisition of LinkedIn in 2016, which brought the company into the social media industry.

Despite its lukewarm success in other areas, one could say that these have been mostly hobby ventures, as Microsoft’s main focus has always been in the software and operating system arena.

An AI and Cloud Computing Future

With AI becoming the single most talked about tech development in recent years, it is unsurprising that Microsoft has focused a lot of time, money and energy on this industry.

The company is also increasingly taking  an interest in the possibilities of Cloud Computing. Microsoft Azure, its Cloud Computing platform, is currently the second-largest in the world, just behind Amazon Web Services (AWS).

But AI is where Microsoft is set to shine. The company has made significant strides, investing over $14 billion in OpenAI since 2019 and integrating AI-powered tools into its product lineup, like Microsoft 365 Copilot.

However, unlike its biggest competitors, the company lacks its own proprietary AI silicon chips and is instead relying on external suppliers. Whether these investments will cement Microsoft’s place in the AI revolution or leave it playing catch-up remains to be seen.

Fascinating Facts About Microsoft

Microsoft’s history is long and filled with fascinating stories, all of which have shaped this tech giant into the company that it is today. Some interesting facts about its journey include:

• Microsoft’s first software development was a BASIC interpreter for the Altair 8800, a mail-order hobbyist computer that had neither a screen nor a keyboard. It was created without access to an actual Altair and was tested on a Harvard mainframe.
• Microsoft executives very nearly cancelled the Xbox project before its launch, but it’s a good thing they didn’t, as the console ultimately became one of the company’s most successful consumer brands.
• Microsoft initially underestimated the Internet’s potential, only shifting focus after Netscape gained popularity in the 1990s. Bill Gates famously redirected the company towards web-based technology in 1995, a year after Amazon was founded.
• The once-loathed Microsoft Office assistant, Clippy, was scrapped in 2001, but it still appears as an emoji in newer Office applications and remains a beloved internet meme.

*

Microsoft is a household name these days, and some 300 000 UK-based companies use Microsoft products. If you are not yet using a Microsoft product, why not give it a try as the company turns 50? At 24/7 IT Services, we are highly experienced in all things Microsoft, and we provide our clients with a range of services such as Managed IT Support, IT Security, and so much more. Contact us today for more information.

The post Microsoft Celebrates 50 Years of Technological Innovation appeared first on 247 IT Services.

Recently, Microsoft sounded the alarm over StilachiRAT, a newly discovered remote access trojan (RAT) designed to steal sensitive data from compromised systems.

The tech giant’s incident response team first identified the malware in November 2024 and has now issued a public warning, urging businesses to take the necessary proactive security measures to protect themselves.

While StilachiRAT does not appear to be widespread at this moment, its sophisticated evasion techniques and persistence mechanisms make it a real problem, especially for companies handling sensitive financial, corporate, and personal data, and those dealing with crypto currency.

How StilachiRAT Works

StilachiRAT works as a stealthy backdoor that gives cybercriminals remote access to infected systems.

Once deployed, the malware gathers detailed system information and then carries out an extensive search for stored credentials, particularly those linked to cryptocurrency wallet extensions on Google Chrome.

To cause its chaos, these are some of the characteristics it is known to do:

• Extract usernames and passwords that are stored in Chrome.
• Continuously scan for copied credentials, including cryptocurrency keys.
• Monitor Remote Desktop Protocol (RDP) sessions, which potentially allows attackers to move from one side of a network to another.
• Execute various commands, such as rebooting the system, clearing the logs, and modifying registry entries.
• Use the Windows service control manager and watchdog threads to stop it from being removed.

Microsoft has not yet linked StilachiRAT to any known hacking groups or nations, but its complexity suggests that it is a part of a well-funded operation, one with a high level of technical expertise.

Advanced Evasion and Anti-Forensic Techniques

What makes StilachiRAT so different compared to other malware threats, and what makes it rather a scary trojan, is its uncanny ability to totally avoid detection.

Microsoft’s analysis found that the malware actively clears event logs, making it harder for security teams to trace its activity. It also continuously checks for analysis tools and sandbox environments, which has essentially stopped researchers from fully examining its behaviour.

StilachiRAT also scrambles Windows API calls and encodes many of its internal strings, which greatly complicates any attempts at manual analysis.

These measures all ensure that the malware stays hidden for as long as possible, which, as you can imagine, gives it more time to be a problem.

How StilachiRAT Spreads

Microsoft has not spoken about the exact way the trojan spreads, but if we look at similar threats, we can surmise that it is delivered through trojanised software, phishing emails and compromised websites, all of which can be avoided if your staff are well-trained in online security protocols.

*

Online threats are growing, but your business doesn’t have to be vulnerable. When you work with an expert IT company, like 24/7 IT Services, you can rest easy knowing that you and your company data are well protected. For advanced IT Security Solutions, Managed IT Support and more, contact us today.

The post Microsoft Warns of New StilachiRAT Malware Targeting Sensitive Data appeared first on 247 IT Services.

Known for its steady and clear text, voice and video calling services, Skype has been used by millions of users worldwide.

However, the Skype era has come to an end, and this iconic platform is set to be discontinued on 5 May 2025, as Microsoft attempts to guide users towards its more modern communication tool, Microsoft Teams (the free version that is).

Why the Shutdown?

Microsoft says that it is retiring Skype as a part of its broader strategy to streamline its communication platforms and align with the growing demand for unified digital collaboration tools.

Basically, this means their goal is to create a more comprehensive and probably more organised and pleasant digital communication experience for both personal and business users.

What Business Owners Need to Know

Skype has had plenty of tough competition in recent years and while for many, especially those in the younger generation, Skype might be considered quite outdated, in 2023 there was reported to be about 300 million daily users.

For those businesses still relying on Skype, they now have one of two options; move over to Microsoft Teams or find an appropriate alternative communication platform.

To make the switch a little less painful, Microsoft has created a straightforward migration process for Skype users switching to Teams, allowing users to sign into Teams using their existing Skype login details.

This process automatically transfers contacts, message history, and call logs, making the shift as painless as possible.

Those who want to move to other platforms can export their Skype data including messages, contacts, and media files, all of which will remain available for download until January 2026.

If you are planning to move to Teams, this is all you need to do:

1. Download Microsoft Teams from the official website.
2. Sign in using your Skype account logins.
3. Watch as your contacts and chat history automatically sync to Teams.

Once you are set up, you can get acquainted with the new platform’s features, which include video conferencing, group chats, and file sharing. Moving from Skype to Teams will take some getting used to as the layout is rather different.

Microsoft has confirmed that communication between Skype and Teams users will remain possible during the transition period, so you don’t have to worry about disrupting your existing conversations.

Exporting Skype Data

For those wishing to have a record of their Skype communications, exporting the data is also a straightforward process, simply:

1. Visit the Skype Export Page and sign in.
2. Select the type of data you wish to download, such as conversations or files.
3. Submit your request and return later to download the export once it becomes available.

To export contacts, you can go to the My Account page on Skype, select Settings and Preferences, and then choose Export Contacts (.csv) and download your contacts.

The Future of Business Communication

While the retirement of Skype may be a nostalgic moment for many, Microsoft remains committed to supporting users throughout this transition.

Jeff Teper, President of Microsoft 365 collaborative apps and platforms, acknowledged Skype’s legacy, saying, “Skype has been an integral part of shaping modern communications… we are honoured to have been part of the journey.”

As the countdown to May 2025 begins, business owners are encouraged to act sooner rather than later.

*

If you need help with your business communication tools or if you have any other IT-related needs, 24/7 IT Services is here to assist you. From Managed IT Support to VoIP Services, our clients enjoy the very best professional IT solutions, and so can you. Contact us today for more information.

The post The End of Skype (And What You Can Use Instead) appeared first on 247 IT Services.

According to Fortinet, a leading cybersecurity in the United States, the latest version of the Snake keylogger (also known as 404 Keylogger) has been responsible for over 280 million attack attempts since the beginning of 2025!

This malware has been detected executing up to 14 million infection attempts per day, making it one of the worst cyber threats of the year, so far.

How the Snake Keylogger Works

The Snake keylogger is designed to quietly monitor and record keystrokes made by users on infected devices, allowing the cybercriminals to easily gather sensitive information such as passwords, financial details, and personal data.

Once they have their hands on this data, the stolen information is then sent back to the attackers using various channels, such as SMTP email servers, Telegram bots, and HTTP post requests.

This malware is particularly dangerous because it goes well beyond simple keystroke logging.

It can access browser autofill data and then steal personally identifiable information, and even geolocation details.

Cybersecurity experts have warned that both individuals and businesses are at high risk of being exploited, with the potential consequences ranging from unauthorised financial transactions to identity theft and corporate data breaches.

Designed to Evade Detection

The Snake keylogger is built using AutoIT, a Windows-based automation scripting language, which is especially effective when used to infect Windows.  

Once installed, it neatly embeds itself into the system’s Startup folder, allowing it to begin its data theft every time the device is started. Unlike many other malware strains, it does not require administrative privileges to run, making it even more insidious and effective for the attacker.

Security experts have specifically highlighted that the latest version of the Snake keylogger makes use of advanced obfuscation techniques (which are techniques made to hide their attacks) which is disguising its malicious code within legitimate system processes.

This makes it that much harder for antivirus software to detect and remove the malware before it causes damage.

The Growing Threat of Phishing Attacks

Like many other forms of malware, the Snake keylogger primarily spreads through phishing attacks.

Cybercriminals are basically tricking unaware users into downloading the malicious attachments or the users are being tricked into clicking on harmful links in emails that appear legitimate.

Phishing scams are becoming more and more difficult to identify, with attackers convincingly impersonating reputable organisations and using persuasive language to convince recipients to interact with their phishing messages.

How UK Businesses Can Protect Themselves

Given the scale and sophistication of this malware, UK business owners using Microsoft products should take immediate action to check and improve their cybersecurity measures. To reduce the risk of infection, experts recommend that you take the following steps:

• Educate your employees by conducting regular cybersecurity training to help staff recognise phishing attempts and to encourage staff to avoid clicking on suspicious links or attachments.
• Enhance your email security by using advanced email filtering solutions to identify and block phishing emails before they even reach inboxes.
• Keep software updated to ensure that all operating systems, software, and antivirus applications are regularly updated to patch vulnerabilities that malware could exploit.
• Use strong authentication and use multi-factor authentication (MFA) to add an extra layer of security to accounts and sensitive systems.
• Monitor all of your network activity by using detection systems to identify and respond to suspicious activity before it escalates into a security breach.

For those concerned about their cybersecurity setup, consulting with IT security professionals, like 24/7 IT Services, is the best course of action. We provide our clients with expert IT security solutions, managed IT support, and more. Contact us today to book a consultation.

The post A New High-Risk Snake Keylogger is Attacking Windows Users appeared first on 247 IT Services.

The latest CrowdStrike 2024 Global Threat Report has revealed a rather concerning trend as cybercriminals are increasingly abandoning their traditional malware-based attacks in favour of rather more nefarious identity exploitation methods.

According to the report, three out of every four cyberattacks now use stolen credentials rather than malicious software.

This change is introducing us to a troubling new reality, one where businesses with otherwise excellent defence mechanisms are now faced with an attacker who is able to gain access using legitimate credentials, giving them free rein within a company’s network.

“You may have really locked down environments for untrusted external threats, but as soon as you look like a legitimate user, you’ve got the keys to the kingdom,” said Elia Zaitsev, CTO at CrowdStrike.

With a booming underground market for stolen credentials and the rise of AI-driven phishing campaigns, identity is fast becoming the primary battlefield in cybersecurity.

This raises a pressing question for business owners: if an attacker doesn’t need malware to infiltrate a network, how can they be stopped?

Attackers Moving Faster Than Defenders

Speed is one of the most important factors in combating modern cyberattacks.

The CrowdStrike report uncovered the fastest recorded breakout time, which is the time it takes for an attacker to move across a network after gaining access.

To give you an idea of just how fast modern attackers have become, CrowdStrike reported a speed of just 2 minutes and 7 seconds. This means that by the time a business detects a breach, it may already be too late.

Unlike traditional threats, identity-based attacks do not rely on malicious payloads that can be detected by security software.

Instead, cyberattackers are using legitimate credentials to get through the network undetected, using what is known as “living-off-the-land” techniques which means they use built-in system tools to avoid raising the alarm.

Microsoft users should be particularly vigilant, as these techniques exploit widely used authentication and remote access tools. Without the right identity protection measures in place, businesses could find themselves vulnerable to silent intrusions that bypass conventional security.

DDoS Attacks Are Growing in Scale and Complexity

Aside from the worrying rise in identity-based threats, businesses also face an increasing risk from Distributed Denial of Service (DDoS) attacks.

Cloudflare recently halted the largest DDoS attack on record, an unprecedented 5.6 terabit-per-second (Tbps) attack targeting an East Asian telecoms provider. The attack, launched by a Mirai-variant botnet comprising 13 000 hijacked devices, dwarfed the previous record of 3.8 Tbps.

DDoS attacks, which flood websites and online services with overwhelming traffic, are becoming both larger and more frequent.

Microsoft itself fell victim to a major DDoS incident in July 2024, leading to nearly 10 hours of Azure cloud service downtime. Cloudflare’s data shows that the number of DDoS attacks exceeding 1 Tbps surged by 1,885% in just one quarter!

Protecting your Business From Identity-Based Cybercrimes

The days of relying solely on malware detection and perimeter defences are well and truly over.

Attackers no longer need sophisticated exploits when they can simply buy credentials online, phish employees, or manipulate AI-driven authentication systems.

For Microsoft-dependent businesses, now is the time to start adopting zero-trust security frameworks, implementing multi-factor authentication (MFA) on all accounts, and continuously monitoring user behaviour to pick up potential problems before they escalate.

The harsh reality is that failing to prioritise your identity security will leave you defenceless against modern cyber threats.

*

As cybercriminals continue to innovate, outdated security measures may no longer be enough. If you are worried that your digital defences are no longer up to the task, you need the help of an IT company, like 24/7 IT Services. We provide a wide range of IT related services including IT Security Solutions, VoIP and Managed IT Support. Contact us today for a consultation.

The post Identity-Based Cybercrime? Yes, It’s Happening appeared first on 247 IT Services.

Microsoft is making significant changes to its Microsoft 365 subscription, with one of its biggest privacy features set to be removed by the end of this month.

The built-in Virtual Private Network (VPN), which was previously available through the Microsoft Defender app, will no longer be a part of the subscription service from 28th February 2025.

The decision to discontinue the VPN just so happens to coincide with the recent increase in Microsoft 365 subscription fees. While Microsoft has introduced new AI-powered features, businesses relying on the built-in VPN for security and privacy will now need to find an alternative.

Microsoft 365 VPN to Be Discontinued

While the built in VPN was admittedly not the most advanced service and although it did not come with all the bells and whistles one would get from a more sophisticated option, users still greatly benefitted from having an easily available way to protect themselves when browsing the web.

Now, only a few years after it first became available, a Microsoft support statement was released explaining the rationale behind this move. The statement said, “Our goal is to ensure you, and your family remain safer online. We routinely evaluate the usage and effectiveness of our features. As such, we are removing the privacy protection feature and will invest in new areas that will better align to customer needs”

Why Businesses Should Invest in a Private VPN

It should be noted that at the moment, the removal of the VPN is only affecting Personal and Family 365 packages. But it does beg the question: If Microsoft can remove VPN privileges from these users, what would stop it from doing the same to businesses?

With Microsoft withdrawing its VPN offering to some users, businesses should be considering third-party VPN solutions, if they don’t already have such a system in place. With cybersecurity threats constantly on the rise, businesses can’t afford to suddenly lose access to important security tools (or be forced to make extra space in their budgets, at the drop of a hat).

While Microsoft’s VPN is a convenient addition, it was never designed to provide the best or most sophisticated enterprise-grade protection. But a private VPN service does provide several key advantages that Microsoft cannot:

• A business-grade VPN uses stronger encryption protocols and security measures to protect company data from cyber threats.
• Unlike Microsoft’s VPN, which is automatically assigned a region, private VPNs allow businesses to choose their server locations, ensuring unrestricted access to global resources.
• With stricter GDPR regulations in the UK, businesses must ensure their data is encrypted and secure at all times. A private VPN helps maintain compliance by safeguarding sensitive information.

For UK businesses concerned about privacy, the removal of Microsoft 365’s VPN should serve as a wake-up call to invest in a more robust and reliable alternative.

It is more important than ever before for business owners to take proactive steps towards protecting their digital security in an increasingly threat-prone online landscape.

And 24/7 IT Services can help you do just that. With our approach to IT Security Solutions and our expansive Managed IT Support Services, we can help you ensure that your online data stays secure and your IT needs met. Contact us today for more information.

The post Microsoft 365 Drops VPN Feature for Some Users appeared first on 247 IT Services.

Microsoft is quietly implementing a major change to how users sign into their accounts, and for business owners relying on Microsoft’s suite of products; this is news worth paying attention to.

Some in the tech news world were surprised that the announcement was discreetly tucked away in the Microsoft Account Help page. But while this update news has largely flown under the radar, its implications are significant.

Starting in February 2025, Microsoft accounts that are accessed via web browsers or apps will no longer log users out automatically when the browser or app is closed.

Without manually signing out, anyone using the same device afterwards could potentially access private emails, Cloud files on OneDrive, or even the browsing activity tied to the account.

A Security Shift That is Raising Serious Questions

For many users, automatic sign-outs have long been a safety net relied upon when accessing accounts on public or shared devices.

This default security feature, used by countless other platforms as well, ensures that sensitive information isn’t left exposed.

Removing this automatic logout raises an important question: why has Microsoft made this change?

One theory is convenience.

While Microsoft has dedicated apps for its services, a significant number of users still access their accounts through browsers, whether it’s Outlook for emails or OneDrive for file storage. For users accessing accounts on personal devices, removing the need to sign in repeatedly makes sense as it saves time.

However, this small convenience comes at a potentially great cost.

If users forget to manually log out or neglect to use private browsing mode (which will remain an alternative for those concerned about security), their accounts could be left vulnerable to unauthorised access.

This should be particularly concerning for businesses handling sensitive client data or financial information, where even a small lapse in security could have serious repercussions.

Microsoft’s move also mirrors the way Google accounts currently operate, where users remain signed in indefinitely unless they actively log out or enable private browsing. While this has become an accepted norm for many, it has also attracted criticism for introducing unnecessary risks, especially for users who don’t have two-factor authentication enabled.

Implications for Businesses

For businesses that depend on Microsoft’s suite of apps, this change simply highlights the importance of implementing and maintaining tough cybersecurity practices. Without the safety net of automatic sign-outs, it is more important than ever for organisations to encourage employees to adopt safer habits, such as:

• Manually logging out after using shared or public devices.
• Enabling two-factor authentication (2FA) to add an extra layer of security to their accounts.
• Using private browsing mode, particularly when accessing accounts on devices not owned by the organisation.

A Worrying Lack of Transparency

What is perhaps most concerning about this shift is Microsoft’s relatively quiet rollout of the update.

Unlike other major policy changes, which are often accompanied by prominent announcements or user notifications, this decision has been buried in the company’s support pages. For a change with such significant security implications, a clearer and more publicised communication strategy would have certainly been the better approach.

Since the update is set to take effect in February 2025, businesses have little time to prepare.

And while Microsoft could still introduce warning messages or pop-ups to remind users that they will remain logged in unless they take specific actions, it is best to be proactive to the change, and start logging out of apps accessed by browsers now.

*

Need help with your business IT Security? Or maybe you need Managed IT Support or a reliable VoIP provider? At 24/7 IT Services, we help companies like yours. Contact us today for more information.

The post Microsoft’s Quiet Login Update Could Impact Your Business Security appeared first on 247 IT Services.