Microsoft

• Azure Sign-In Log Bypasses: When 'Check the Logs' Isn't Enough March 20, 2026

  TrustedSec has now found four Azure Entra ID sign-in log bypasses since 2023. The latest two returned fully functioning tokens without any log entry. All are patched -- but organisations that relied on sign-in logs for detection need to reassess what they might have missed. Here's the pattern, the detection opportunity, and what to do.

• When IT incidents become patient harm: Stryker, surgery delays, and the CISA Intune advisory March 20, 2026

  The March 11 Stryker cyberattack delayed surgeries the week of March 16. Personalised implants couldn't be shipped because the ordering systems were down. CISA named the attack vector -- Microsoft endpoint management -- and issued an urgent advisory. What this means for healthcare IT and for anyone running Microsoft infrastructure in critical functions.

• Microsoft's FedRAMP Authorization: Security Theater at Federal Scale March 18, 2026

  ProPublica's investigation reveals that FedRAMP reviewers internally called Microsoft's GCC High documentation 'a pile of shit' and couldn't verify its encryption practices -- then approved it anyway because it was already too widely deployed to reject. What the story reveals about compliance theater in enterprise cloud security.