Skip to content
You can now search across every topic, entity and event.What's new
Microsoft
OrganisationUS

Microsoft

Global software and cloud giant; Azure, M365, Intune; DMA probe and US cloud sovereignty risk.

Last refreshed: 24 June 2026 · Appears in 5 active topics

Key Question

Microsoft admitted to the French Senate it cannot guarantee French data stays in France: what does that mean for its European cloud business?

Timeline for Microsoft

#1014 Jul

Mentioned in: A quiet KEV fortnight, then a 2008 bug

Cybersecurity: Threats and Defences
#1013 Jul
#109 Jul

Shipped an out-of-band Defender engine update patching RoguePlanet

Cybersecurity: Threats and Defences: Microsoft ends the Nightmare Eclipse run
#166 Jul

Cut 4,800 jobs on 6 July 2026

AI: Jobs, Power & Money: Microsoft cuts 4,800, denies AI did it
#91 Jul

BlueHammer turns into a ransomware step

Cybersecurity: Threats and Defences
View full timeline →
Common Questions
Why did Kenya suspend the Microsoft data-centre project at Olkaria?
Kenya suspended the $1 billion Microsoft-G42 geothermal campus at Olkaria because the full 1 GW target would draw roughly a third of Kenya's entire installed national capacity of approximately 3 GW. President Ruto said building it would mean switching off half the country.Source: Lowdown data-centres update
What is Microsoft's out-of-band patch KB5091157 for?
KB5091157 is an emergency Windows Server patch issued by Microsoft in April 2026, fixing LSASS reboot loops on domain controllers with Privileged Access Management enabled. It affected Windows Server 2016 through 2025.Source: Microsoft / MSRC
Is Microsoft Azure safe from GRU hacking?
In April 2026 NCSC confirmed GRU Unit 26165 (APT28) was hijacking home routers to steal Microsoft 365 OAuth credentials. Microsoft services are a primary target for Russian state cyber operations.Source: Lowdown

Background

Microsoft is among the world's most valuable companies by market capitalisation, founded by Bill Gates and Paul Allen in 1975. Its Azure cloud platform competes directly with Amazon Web Services and Google Cloud for enterprise AI workloads. GitHub Copilot, its AI coding assistant, is the most widely adopted developer AI tool; Microsoft 365 Copilot embeds generative AI across its Office suite. The company's AI bet is the largest capital allocation in its history.

The European Commission opened DMA cloud gatekeeper probes against both Azure and AWS in late 2025, with the US administration countering via a Section 301 investigation branding the DMA rules as 'economic warfare.' Microsoft previously acknowledged before the French Senate that it could not guarantee French customer data held on Azure would never be disclosed under US legal orders, the same CLOUD Act exposure that led France's SecNumCloud to require explicit immunity from non-EU access as a sovereign qualification condition. Its CLOUD Act exposure makes it ineligible for the highest tiers of EU sovereign cloud procurement, a structural constraint that will persist regardless of quarterly revenue performance.

Microsoft posted a record quarter driven by AI cloud revenue in early 2026, with Azure growth accelerating as enterprises migrate workloads to its AI infrastructure.

Microsoft's enterprise ubiquity makes it a persistent attack surface across multiple adversary tracks. APT28 (GRU Unit 26165) exploited home routers to Conduct credential theft targeting Microsoft 365 OAuth tokens, per an NCSC advisory backed by FBI. A 17-year-old Office Remote Code Execution vulnerability returned to CISA's Known Exploited Vulnerabilities catalogue in early 2026. Handala, an Iran-linked hacktivist group, wiped between 80,000 and 200,000 Stryker devices globally by exploiting a single stolen Microsoft Intune administrator credential in March 2026.

In April 2026, Microsoft issued out-of-band emergency patch KB5091157 for Windows Server 2016-2025, fixing LSASS reboot loops on Privileged Access Management-enabled domain controllers, a fault in a security-hardening configuration. The Intune credential-abuse precedent and the KB5091157 PAM-environment fault together underscore the attack surface that comes with Microsoft's position as the de facto identity and device management backbone for global enterprise.

A separate, contested disclosure dynamic emerged in June 2026. A security researcher using the handle 'Nightmare Eclipse' published CVE-2026-50656, a TOCTOU race condition in Windows Defender rated CVSS 7.8, without coordinating with Microsoft; this is the fifth in a series of uncoordinated Windows disclosures since March 2026 that the researcher circulates as the 'Chaotic Eclipse' series. Microsoft confirmed a fix is in development with no timeline given, and restated its opposition to uncoordinated disclosure. The patch status, CVSS scores, and total count for the broader series remain single-sourced from the researcher; no independent verification has been published.

Microsoft's direct data-centre footprint extends into emerging-market geothermal territory. In early May 2026, Kenya's government suspended the $1 billion Microsoft-G42 geothermal campus at Olkaria in the Rift Valley after projections showed the full 1 GW target would draw roughly a third of Kenya's entire installed national capacity of approximately 3 GW. President Ruto stated that building the full project as scoped would mean switching off half the country. The suspension illustrates the grid-capacity ceiling that constrains even well-resourced data-centre ambitions in markets with abundant natural resources but constrained transmission. Microsoft's Olkaria partnership with G42 was framed as a flagship sovereign-AI anchor for East Africa; the suspension leaves it in an uncertain state alongside the broader G42 strategic relationship that a 2024 US government-backed technology-sharing arrangement was designed to reinforce.

More questions
What is the DMA cloud probe against Microsoft?
The European Commission opened a Digital Markets Act cloud gatekeeper investigation against Microsoft Azure and AWS in late 2025. The probe could mandate interoperability standards that lower switching costs for European customers. The US countered with a Section 301 investigation calling the DMA rules Economic warfare.Source: Lowdown
Will Microsoft's AI spending pay off?
Barclays analysis warns that sustained AI capital expenditure at current levels could significantly reduce Big Tech free cash flow. Whether enterprise AI revenue grows fast enough to justify the spending remains the central question for Microsoft investors.Source: Lowdown
How much is Microsoft making from AI in 2026?
Microsoft posted a record quarter in early 2026 driven by AI cloud revenue. Azure growth accelerated as enterprises migrated workloads to Microsoft's AI infrastructure, validating its massive capital expenditure.Source: Lowdown
Is Microsoft Azure subject to the US CLOUD Act?
Yes. Microsoft acknowledged before the French Senate in 2025 that it cannot guarantee French customer data on Azure would never be disclosed under US legal orders. This CLOUD Act exposure makes Azure ineligible for the highest tiers of EU sovereign cloud procurement under France's SecNumCloud and the EU's SEAL-3 framework.Source: French Senate / SecNumCloud
How did Handala hack 200,000 Stryker devices using Microsoft Intune?
Handala Hack obtained a single stolen Microsoft Intune administrator credential in March 2026. Using the Intune MDM console — with no malware deployed — they issued a factory-reset wipe command across 80,000–200,000 Stryker devices in 79 countries.Source: Stryker 8-K/A / Krebs on Security
What is Microsoft Copilot?
Microsoft offers two Copilot products: GitHub Copilot for developers and Microsoft 365 Copilot across Word, Excel, and other Office apps. Both use large language models to generate and edit content.
Source Material