Three defaults. Three deadlines.
First SFI deadline is May 28. Two more follow in June and August.
Microsoft is changing three tenant defaults this summer. Two break automation. One blocks federated sign-ins. All three are landing whether you saw the announcements or not, and the earliest “act by” date is May 28.
The pattern matters more than any single change. Microsoft’s Secure Future Initiative has been an aspirational marketing campaign since 2023. This is the month it stops being aspirational.
🔥 Escape ticket hell. Become a detection engineer by building 11 production Azure detections in 90 days, mapped to APT29, Scattered Spider, Silk Typhoon, Octo Tempest. $497 for first 10 seats. Start with the free lab here
In This Issue
Three Entra defaults are changing this summer, and one of them needs action by May 28
Defender for Cloud just landed in the Defender portal, and the old recommendation format has a July 30 expiration
A new Defender for Endpoint preview lets you scope which response actions can run on Tier-0 assets
If you have a script still calling Install-Module AzureAD, it stopped working seven months ago
The Security Alert Triage Agent doc-commit pattern keeps building, but Microsoft hasn’t called GA yet
Three Entra Defaults Are Changing This Summer | June and August 2026
The Secure Future Initiative has been a slow-rolling marketing arc since 2023. This week, three Message Center posts confirmed the rollout schedule. Three tenant-default changes are landing this summer, and the earliest one requires action by May 28.
If your team paid attention to SFI announcements when they shipped, none of this is surprising. If you didn’t, this is your last reasonable window to catch up.
Exchange API Consent Tightening for Eight Graph Permissions | Rollout Early June 2026
Eight Microsoft Graph delegated permissions are moving from user-consentable to admin-consentable in the Microsoft-managed default user consent policy. If your tenant uses that default, third-party apps requesting these permissions will start hitting “admin approval required” prompts in June.
The eight permissions are: Contacts.ReadWrite, Contacts.Read.Shared, Contacts.ReadWrite.Shared, People.Read, Tasks.ReadWrite, Tasks.Read, Tasks.ReadWrite.Shared, and Tasks.Read.Shared.
What this means in practice: helpdesk gets tickets in June from users hitting consent prompts on third-party productivity apps that worked fine the day before. Apps already approved and existing user consents are not impacted. Tenants on custom user consent policies are not affected at all.
What it doesn’t do: this isn’t blocking apps from accessing data. It’s moving the consent decision from the user to the admin. Apps you trust can still be added to the Mail client policy to allow continued user consent.
Rollout window: early June 2026 to early July 2026.
Action this week: go to Entra admin center, Enterprise applications, Consent and permissions. If your tenant is on the Microsoft-managed default user consent policy, audit your third-party apps that use any of the eight permissions above. Configure the admin consent workflow if it isn’t already enabled, otherwise your helpdesk inherits a queue of “admin approval required” requests with no place to route them.
Source: MC1304287
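A quick offline version of that audit, added here as an example (not from the MC post or any Microsoft tooling). It assumes the shape of Graph oauth2PermissionGrant objects and works on constructed records; in a real tenant you would feed it the output of GET /oauth2PermissionGrants and the matching service principals.

```python
"""Audit per-user delegated grants for the eight Graph permissions that
move to admin consent in June. All records below are constructed."""

# The eight delegated permissions named in MC1304287.
AFFECTED_SCOPES = {
    "Contacts.ReadWrite", "Contacts.Read.Shared", "Contacts.ReadWrite.Shared",
    "People.Read", "Tasks.ReadWrite", "Tasks.Read",
    "Tasks.ReadWrite.Shared", "Tasks.Read.Shared",
}

# Constructed records shaped like Graph oauth2PermissionGrant objects
# (GET /oauth2PermissionGrants): clientId is the consuming app's service
# principal id, consentType is "Principal" for one user's own consent or
# "AllPrincipals" for admin consent, scope is space-separated permissions.
SAMPLE_GRANTS = [
    {"clientId": "sp-111", "consentType": "Principal", "principalId": "u-1",
     "scope": "User.Read Contacts.ReadWrite Tasks.Read"},
    {"clientId": "sp-111", "consentType": "Principal", "principalId": "u-2",
     "scope": "User.Read Tasks.Read"},
    {"clientId": "sp-222", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Tasks.ReadWrite"},
    {"clientId": "sp-333", "consentType": "Principal", "principalId": "u-3",
     "scope": "People.Read"},
]
# Constructed service principal display names keyed by id.
SAMPLE_SPS = {"sp-111": "Contoso Task Sync", "sp-222": "Planner Export",
              "sp-333": "People Finder"}


def find_affected_apps(grants, sps):
    """Map clientId -> {name, scopes, user_consents} for apps whose per-user
    grants include an affected permission. Only "Principal" grants count:
    existing consents keep working, but the next user who adopts the same
    app hits the admin-approval prompt. "AllPrincipals" grants already
    carry admin consent and are skipped."""
    report = {}
    for g in grants:
        if g["consentType"] != "Principal":
            continue
        hits = AFFECTED_SCOPES & set(g["scope"].split())
        if not hits:
            continue
        entry = report.setdefault(g["clientId"], {
            "name": sps.get(g["clientId"], "<unknown service principal>"),
            "scopes": set(), "user_consents": 0})
        entry["scopes"] |= hits
        entry["user_consents"] += 1
    return report
```

The report gives the helpdesk a list of apps to pre-approve (or to add to the admin consent workflow) before the June prompts start.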
App Instance Lock Default for New Entra Apps | Act By May 28, 2026
App Instance Lock is being enabled by default for newly created Entra applications. Sensitive service principal properties get protected automatically. Attempts to modify them on a locked app return a 400 Bad Request.
This isn’t new functionality. App Instance Lock has been available since March 2023. Apps created through the Entra admin center have had it enabled by default since 2024. Apps created via the Microsoft Graph application API got the default in March 2024. The June rollout closes the last gap: every newly created application, regardless of creation path.
What this means in practice: if you have CI/CD pipelines, Terraform, or other IaC automation that creates an Entra app and then immediately updates protected properties (passwordCredentials, keyCredentials with usage Sign or Verify, tokenEncryptionKeyId), the update step starts failing in June with a 400 error.
What it doesn’t do: existing apps are not affected. This only applies to apps created after the rollout window opens.
Rollout window: early June 2026 to late June 2026.
Action by May 28: review every script or pipeline that creates an Entra app and then modifies it. If post-creation property updates are required, the fix is to explicitly disable App Instance Lock on that specific app via the servicePrincipalLockConfiguration property. Don’t disable the default tenant-wide; do it per-app where actually needed.
Source: MC1300584
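A pre-flight check you can drop into a pipeline, added here as an example (not from Microsoft or the MC post). The application objects are constructed, and the way each servicePrincipalLockConfiguration flag maps onto properties is this example’s reading of the feature, so confirm it against the Graph docs before relying on it.

```python
"""Pre-flight check for pipelines that create an Entra app and then PATCH
it: list the planned property changes a locked app would reject (400).
Objects are constructed; the flag semantics are this example's reading of
servicePrincipalLockConfiguration, not Microsoft's documentation."""

# Assumed shape of the lock a new app gets once the June default lands.
LOCKED_BY_DEFAULT = {"isEnabled": True, "allProperties": True}


def locked_properties(app, update):
    """Return the keys in `update` that the app's lock protects.
    Reading used here: allProperties locks everything below;
    credentialsWithUsageVerify locks passwordCredentials and keyCredentials
    with usage Verify; credentialsWithUsageSign locks keyCredentials with
    usage Sign; tokenEncryptionKeyId locks that single property."""
    cfg = app.get("servicePrincipalLockConfiguration") or {}
    if not cfg.get("isEnabled"):
        return []
    everything = cfg.get("allProperties", False)
    verify = everything or cfg.get("credentialsWithUsageVerify", False)
    sign = everything or cfg.get("credentialsWithUsageSign", False)
    blocked = []
    if "passwordCredentials" in update and verify:
        blocked.append("passwordCredentials")
    if "keyCredentials" in update:
        usages = {k.get("usage") for k in update["keyCredentials"]}
        if (verify and "Verify" in usages) or (sign and "Sign" in usages):
            blocked.append("keyCredentials")
    if "tokenEncryptionKeyId" in update and (everything or cfg.get("tokenEncryptionKeyId")):
        blocked.append("tokenEncryptionKeyId")
    return blocked


def unlock_patch():
    """PATCH body for the per-app fix the MC post describes: disable the lock
    on this one application object, never the tenant-wide default."""
    return {"servicePrincipalLockConfiguration": {"isEnabled": False}}


# Constructed: an app created after the rollout and the update a pipeline
# would send right after creation.
NEW_APP = {"id": "app-1", "displayName": "ci-deployer",
           "servicePrincipalLockConfiguration": LOCKED_BY_DEFAULT}
PIPELINE_UPDATE = {
    "displayName": "ci-deployer",
    "keyCredentials": [{"usage": "Verify", "type": "AsymmetricX509Cert"}],
    "tokenEncryptionKeyId": "00000000-0000-0000-0000-000000000000",
}
```

Run it against the application object you just created and the PATCH you are about to send; an empty list means the update goes through, anything else means that app needs the per-app unlock first.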
FederatedTokenValidationPolicy Stricter Defaults | Act By August 11, 2026
Federated sign-ins will be blocked when the internalDomainFederation does not match the user’s UPN domain. The block returns the specific error AADSTS5000820: Sign-in blocked by Federated Token Validation policy.
This already applies to federated domains added since December 2025. In mid-August 2026, it extends to all existing federated domains with an internalDomainFederation object. If your organization stood up AD FS federation before December 2025, August is when you join the stricter default.
What this means in practice: if you actually rely on cross-domain federated sign-ins (one UPN domain authenticating through a different domain’s federation trust), they’ll fail starting in August. Most organizations don’t run this configuration intentionally. But if your federation setup was historically permissive, this is your six months of notice.
What it doesn’t do: there’s no change to user experience unless cross-domain federated sign-ins are currently occurring in your environment. The block is targeted.
Rollout window: mid-August 2026.
Action by August 11: pull your internalDomainFederation objects via Microsoft Graph. Check which UPN domains route to which federation trust. If you find cross-domain sign-ins, you have two options: fix the federation configuration (recommended), or create a custom federatedTokenValidationPolicy with rootDomains = none (Microsoft explicitly calls this “strongly discouraged” in the MC post).
Source: MC1303719
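A way to find the cross-domain sign-ins before August does it for you, added here as an example (not from the MC post). It uses constructed internalDomainFederation objects and sign-in records; the sign-in field names (userPrincipalName, tokenIssuerType, tokenIssuerName) are how this example understands the Graph signIn resource, so check them against your own export.

```python
"""Spot federated sign-ins whose UPN domain is not the domain that owns
the federation trust that issued the token. Constructed data throughout."""

# Constructed internalDomainFederation objects keyed by their federated
# domain (what GET /domains/{id}/federationConfiguration returns per domain).
FEDERATION = {
    "contoso.com": {"issuerUri": "http://adfs.contoso.com/adfs/services/trust"},
    "fabrikam.com": {"issuerUri": "http://adfs.fabrikam.com/adfs/services/trust"},
}

# Constructed sign-ins: two clean federated sign-ins, one cloud sign-in
# (ignored) and one cross-domain sign-in that the August default blocks.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.com", "tokenIssuerType": "ADFederationServices",
     "tokenIssuerName": "http://adfs.contoso.com/adfs/services/trust"},
    {"userPrincipalName": "bob@fabrikam.com", "tokenIssuerType": "ADFederationServices",
     "tokenIssuerName": "http://adfs.fabrikam.com/adfs/services/trust"},
    {"userPrincipalName": "carol@contoso.com", "tokenIssuerType": "AzureAD",
     "tokenIssuerName": ""},
    {"userPrincipalName": "dave@fabrikam.com", "tokenIssuerType": "ADFederationServices",
     "tokenIssuerName": "http://adfs.contoso.com/adfs/services/trust"},
]


def issuer_owners(federation):
    """Invert domain -> issuerUri into issuerUri -> {domains}, tolerating
    the same issuer showing up on more than one domain in a messy tenant."""
    owners = {}
    for domain, cfg in federation.items():
        owners.setdefault(cfg["issuerUri"].lower(), set()).add(domain.lower())
    return owners


def cross_domain_signins(signins, federation):
    """Return (upn, issuer, owning_domains) for each AD FS sign-in whose UPN
    domain is not among the domains that own the issuing trust. Subdomains
    of a federated root are not modelled here and would also be reported,
    so review those by hand rather than treating them as blocked."""
    owners = issuer_owners(federation)
    flagged = []
    for s in signins:
        if s.get("tokenIssuerType") != "ADFederationServices":
            continue
        upn_domain = s["userPrincipalName"].rsplit("@", 1)[1].lower()
        issuer = (s.get("tokenIssuerName") or "").lower()
        if upn_domain not in owners.get(issuer, set()):
            flagged.append((s["userPrincipalName"], issuer, sorted(owners.get(issuer, ()))))
    return flagged
```

Anything it returns is a sign-in that will start failing with AADSTS5000820 in mid-August unless the federation configuration is fixed.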
Honest Take on the SFI Wave
Microsoft’s framing on all three of these is “Secure Future Initiative progress.” That framing is technically accurate but misses what readers need to know. Each change has been documented as a Microsoft goal for over two years. The June and August rollouts are the moment SFI commitments stop being a roadmap and start changing your tenant.
These are good security changes. They close gaps that attackers have been working in. The honest practitioner question isn’t whether the changes are correct. It’s whether your team’s automation, federation configuration, and app consent posture are caught up. If not, you have between two weeks and three months to get there.
Defender for Cloud GA in the Defender Portal | May 5, 2026
Microsoft Defender for Cloud is now generally available in the Microsoft Defender portal. The Preview shipped in November 2025; the GA dropped on May 5, 2026. With the GA came an attached deprecation deadline: legacy grouped recommendations in the Azure portal are being retired on July 30, 2026.
If your SOC has been switching between security.microsoft.com for threat detection and portal.azure.com for cloud posture management, the second tab just became optional. Cloud posture, attack path analysis, asset inventory, secure score, and recommendations now all live in the Defender portal alongside Defender XDR.
What this means in practice: cross-cloud RBAC just got better. The new Cloud Scopes feature lets you group Azure subscriptions, AWS accounts, and GCP projects into logical scopes with their own access boundaries. SOC analysts who’ve been getting broad tenant-wide cloud access because cross-cloud granular permissions were a nightmare can finally be scoped properly. That’s the real Monday-morning change, and Microsoft’s launch blog doesn’t lead with it.
What it doesn’t do: this isn’t a forced migration yet. The Azure portal still works for Defender for Cloud. The classic Secure Score is still available in the Azure portal. But the new risk-based Cloud Secure Score is Defender-portal only, so any team optimizing for the new score formula has to be in the Defender portal.
The July 30 Deprecation, in Plain English
The old “grouped recommendations” model where multiple findings were aggregated under a single recommendation goes away. Each finding becomes its own individual recommendation. If you have automation, governance rules, exemptions, Azure Resource Graph queries, or dashboards keyed to grouped recommendation IDs, they break on July 30.
The same week as the GA, two more announcements landed. The Defender for Cloud and GitHub Advanced Security integration went GA on May 3, surfacing runtime context from Defender for Cloud directly inside GHAS dashboards. And the Defender for Containers sensor Helm installation moved from install scripts to direct chart deployment on May 6, with environment-specific commands for AKS, EKS, and GKE.
Action this week: read the Defender for Cloud transition guide and inventory automation that references grouped recommendation IDs. Run a sample Azure Resource Graph query against the new individual recommendation model to confirm your queries still return the data you expect.
Source: Defender for Cloud release notes
Defender for Endpoint Selective Response Actions for High-Value Assets | Preview, May 2026
Defender for Endpoint added a new preview feature this month: Selective Response Actions. It lets you tailor which high-impact security operations can run on specific devices during onboarding.
If you’ve ever paused before letting Defender auto-isolate a domain controller, or worried that automatic investigation would lock you out of a production database server during an incident, this is the feature. It’s purpose-built for Tier-0 systems and other high-value assets where blast radius matters more than blast speed.
What this means in practice: during device onboarding, you can scope which response actions are permitted on that device. The most aggressive automations can be restricted on critical infrastructure while still allowing investigation and visibility. The trade-off you’ve been making by hand for years now has a configuration surface.
What it doesn’t do: this is configured during onboarding, not retroactively. Existing devices already onboarded with default response action policies aren’t automatically scoped. If you want to roll this out to critical assets, you’re doing it via new onboarding workflows.
This is Preview. Treat it as evaluation, not deployment.
Action this week: read the Selective Response Actions documentation. Identify which Tier-0 assets in your environment would benefit. Plan a re-onboarding workflow for the next maintenance window if it fits.
Source: MDE What’s New
👀 On Our Radar
Sentinel UEBA with AI features. Sentinel docs got a substantial update on May 6 from Microsoft, titled “UEBA new ai,” with roughly +160/-97 lines across the entity behavior analytics enablement docs, feature availability, and what’s new pages. The volume suggests a feature drop, not docs polish. But the Defender XDR What’s New page hasn’t been updated past March 2026, and the Unified SecOps What’s New hasn’t been updated past February. We’re flagging this as an early signal, not a confirmed announcement. If you’re running UEBA Essentials (which shipped with 30+ prebuilt queries in February), the AI layer appears to be landing on top. No action required yet. We’ll cover this in detail when it confirms.
Security Alert Triage Agent GA watch. Continuing the thread from May 3. Video embeds were added to the security-alert-triage-agent and threat hunting agent docs on May 5. That’s consistent with the GA-push pattern, but the Defender XDR What’s New page hasn’t yet called GA. If you’ve built runbooks that reference “preview” markers in alert tuning documentation, the wording is shifting under you. We’ll cover this in detail when it confirms.
MDI v2 vs v3 sensor outdated alert split. Microsoft split the “Sensor outdated” health alert into v2 and v3 entries on May 6, with version-specific resolution steps. That’s the docs pattern that usually precedes a v2 deprecation date. The MDI What’s New page hasn’t yet posted one. If you still have v2.x sensors deployed and your v3.x migration was on the back burner, this is your early warning to schedule it.
📋 What You Should Actually Do This Week
🚨 CRITICAL (May 28, 2026):
Review every script, IaC pipeline, or Terraform module that creates an Entra application and then updates protected service principal properties. App Instance Lock becomes the default for new apps starting in June, and pipelines that worked yesterday will start returning 400 Bad Request errors. The fix per app: explicitly disable App Instance Lock via servicePrincipalLockConfiguration if post-creation updates are required. Don’t disable the tenant-wide default.
🚨 CRITICAL (July 30, 2026):
Audit Defender for Cloud automation, governance rules, exemptions, and Azure Resource Graph queries for references to grouped recommendation IDs. Migrate to the new individual recommendation model using Microsoft’s transition guide. The grouped recommendations are removed on July 30, and queries keyed to old IDs return empty after that date.
⚠️ HIGH PRIORITY (This Week):
If you have any PowerShell script, scheduled task, runbook, or build agent that still calls Install-Module AzureAD or Install-Module AzureADPreview, those scripts have been broken since October 2025. Microsoft’s own Entra PowerShell pipeline just confirmed it on May 8 by removing the dependency from their build. Run a recursive grep across your script repositories for Install-Module AzureAD and Connect-AzureAD today. Migration path is the Microsoft Graph PowerShell SDK.
Audit third-party apps in your tenant that use the eight Microsoft Graph permissions changing default consent behavior in June (Contacts.ReadWrite, Contacts.Read.Shared, Contacts.ReadWrite.Shared, People.Read, Tasks.ReadWrite, Tasks.Read, Tasks.ReadWrite.Shared, Tasks.Read.Shared). Configure the admin consent workflow if it isn’t already enabled.
📋 MEDIUM PRIORITY (Before Month-End):
Evaluate Defender for Endpoint’s new Selective Response Actions feature (Preview) for your Tier-0 assets. Plan re-onboarding workflows for the next maintenance window if you decide it fits your environment.
Pull your internalDomainFederation objects via Microsoft Graph if you run AD FS or federated authentication. Cross-domain federated sign-ins are blocked starting in mid-August. Six months of lead time, but identity teams don’t typically have spare capacity in August.
Review the new Defender for Cloud Cloud Scopes feature if your SOC manages cross-cloud workloads. Scoping AWS and GCP access from a single place is the practical win in the GA.
📎 LOW PRIORITY (Nice to Have):
If you’re running ASIM parsers for Microsoft 365 Defender process events, refresh the ProcessEvent M365D parser. A new TargetUserSessionId field landed on May 6.
Looking Ahead
May 13, 2026: Patch Tuesday.
May 28, 2026: act-by date. Review automation that creates and updates Entra apps before the June rollout begins.
Early June through late June 2026: rollout window. App Instance Lock enabled by default for new Entra apps.
Early June through early July 2026: rollout window. Eight Exchange-related Microsoft Graph permissions move to admin-consent default.
July 30, 2026: Defender for Cloud legacy grouped recommendations deprecated. Individual recommendations replace them. Update queries, automation, and governance rules before then.
August 11, 2026: act-by date. Review federation configurations before the stricter default takes effect.
Mid-August 2026: federatedTokenValidationPolicy enforced for federated domains added before December 2025.
March 31, 2027: Microsoft Sentinel in the Azure portal retires. Defender portal only after that date.
💡 Escape ticket hell.
Build the portfolio that gets you into six-figure detection engineering roles.
11 production Azure detections in 90 days. Mapped to APT29, Scattered Spider, Silk Typhoon, Octo Tempest. Built in your own Sentinel lab. Shipped to a GitHub portfolio that answers “walk me through a detection you’ve built” eleven times over.
You read the threat report, simulate the attack, hunt the evidence, write the KQL, tune it, ship it. By Week 13 your GitHub looks like a senior detection engineer’s.
You get:
11 detections you built, attacked, and documented
Deployable Azure lab (Bicep, Sentinel, Log Analytics)
Direct DM access to me, 24hr response
Verifiable certificate on completion
LinkedIn and resume review
13 weeks. Self-paced. 5 to 7 hrs/week.
Founding cohort (first 10 seats): $497. Jumps to $997 at seat 11.
Start with the free lab. Join today!
📚 About Adversary Lab
Azure security news for practitioners. No fluff, just the updates to stay ahead.
📤 Worth sharing? Forward it.
Charles Garrett | LinkedIn | theadversarylab.com
See you in the next one! 👋

