Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post-Storm-0558 Breach
Apr 22, 2025
Identity Management / Cloud Security
Microsoft announced on Monday the migration of its Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and is currently in the process of transitioning the Entra ID signing service. This move follows updates made about seven months ago to Microsoft Entra ID and MS for both public and U.S. government clouds, enabling the generation, storage, and automatic rotation of access token signing keys using the Azure Managed Hardware Security Module (HSM) service. “These enhancements aim to mitigate the vulnerabilities we believe were exploited in the 2023 Storm-0558 attack,” stated Charlie Bell, Executive Vice President for Microsoft Security, in a pre-publication post shared with The Hacker News. Microsoft also highlighted that 90% of identity tokens from Microsoft Entra ID for its applications are validated by a robust identity Software Development Kit (SDK), with 92% of employee…
Identity Management / Cloud Security
Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post Storm-0558 Breach On April 22, 2025, Microsoft announced a significant upgrade to its Microsoft Account (MSA) signing service, relocating it to Azure confidential virtual machines (VMs). This move comes as part of a broader effort to enhance security measures following…
Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post-Storm-0558 Breach
Apr 22, 2025
Identity Management / Cloud Security
Microsoft announced on Monday the migration of its Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and is currently in the process of transitioning the Entra ID signing service. This move follows updates made about seven months ago to Microsoft Entra ID and MS for both public and U.S. government clouds, enabling the generation, storage, and automatic rotation of access token signing keys using the Azure Managed Hardware Security Module (HSM) service. “These enhancements aim to mitigate the vulnerabilities we believe were exploited in the 2023 Storm-0558 attack,” stated Charlie Bell, Executive Vice President for Microsoft Security, in a pre-publication post shared with The Hacker News. Microsoft also highlighted that 90% of identity tokens from Microsoft Entra ID for its applications are validated by a robust identity Software Development Kit (SDK), with 92% of employee…