Microsoft Entra Backup and Recovery entered preview on March 19, 2026, bringing native rollback for users, groups, Conditional Access policies, and other critical directory objects. After testing a real recovery against a cloud-only user with a single attribute change, the restore itself took seconds. The difference report that preceded it took over an hour. This article explains why that timing is expected, what the five-day retention window actually means for your recovery posture, and where the feature falls short of being a complete answer.
Month: March 2026
Microsoft patched CVE-2026-26133 on March 11, 2026 — a cross-prompt injection vulnerability in Copilot’s email and Teams summarization that let attackers shape what your AI told you, without a single attachment or macro. The specific exploit is closed. But the attack exposed something a patch alone cannot fix: Copilot trusts the content it reads, and in a misconfigured tenant, that trust is a liability. Here is what happened, why it matters beyond the CVE, and what admins should actually do about it.
