Weekly Security Roundup: Microsoft 365 Phishing and Fabric Governance

This week's security updates cover ongoing analysis of phishing threats against Microsoft 365 and new centralized data governance features in Microsoft Fabric.

Exploiting Email Routing and Authentication Gaps in Microsoft 365

Microsoft’s threat research details how attackers use mail routing gaps and weak email authentication (SPF, DKIM, DMARC) to launch phishing campaigns. Methods include spoofing, manipulation of names and sender data, and phishing-as-a-service (PhaaS) kits such as Tycoon2FA. The recommendations build on recent discussions of layered security: enforce strict authentication, review mail flow, and use Defender features, together with stronger multi-factor authentication through Entra ID. For security teams, the report offers practical Kusto queries, guidance for Defender XDR and Sentinel, steps for credential and rule resets, and links to automation resources.

Centralized Security Governance in Microsoft Fabric

Microsoft Fabric centralizes security reporting in the Govern tab of the OneLake Catalog, which now covers sensitivity labeling across Lakehouses, Warehouses, and Reports and identifies potentially unprotected data. Admins can see compliance status and scan history for prompt remediation. Copilot aids investigation, supporting more effective response to policy violations. Teams are advised to transition from Purview Hub reporting, as Microsoft plans to retire the old reporting system in 2026.