How much is Microsoft making from AI in 2026?: Microsoft posted a record quarter in early 2026 driven by AI cloud revenue. Azure growth accelerated as enterprises migrated workloads to Microsoft's AI infrastructure, validating its massive capital expenditure.Source: Lowdown
What is the DMA cloud probe against Microsoft?: The European Commission opened a Digital Markets Act cloud gatekeeper investigation against Microsoft Azure and AWS in late 2025. The probe could mandate interoperability standards that lower switching costs for European customers. The US countered with a Section 301 investigation calling the DMA rules Economic warfare.Source: Lowdown
Is Microsoft Azure safe from GRU hacking?: In April 2026 NCSC confirmed GRU Unit 26165 (APT28) was hijacking home routers to steal Microsoft 365 OAuth credentials. Microsoft services are a primary target for Russian state cyber operations.Source: Lowdown
What is Microsoft Copilot?: Microsoft offers two Copilot products: GitHub Copilot for developers and Microsoft 365 Copilot across Word, Excel, and other Office apps. Both use large language models to generate and edit content.
Will Microsoft's AI spending pay off?: Barclays analysis warns that sustained AI capital expenditure at current levels could significantly reduce Big Tech free cash flow. Whether enterprise AI revenue grows fast enough to justify the spending remains the central question for Microsoft investors.Source: Lowdown
What is Microsoft's out-of-band patch KB5091157 for?: KB5091157 is an emergency Windows Server patch issued by Microsoft in April 2026, fixing LSASS reboot loops on domain controllers with Privileged Access Management enabled. It affected Windows Server 2016 through 2025.Source: Microsoft / MSRC
How did Handala hack 200,000 Stryker devices using Microsoft Intune?: Handala Hack obtained a single stolen Microsoft Intune administrator credential in March 2026. Using the Intune MDM console — with no malware deployed — they issued a factory-reset wipe command across 80,000–200,000 Stryker devices in 79 countries.Source: Stryker 8-K/A / Krebs on Security
Is Microsoft Azure subject to the US CLOUD Act?: Yes. Microsoft acknowledged before the French Senate in 2025 that it cannot guarantee French customer data on Azure would never be disclosed under US legal orders. This CLOUD Act exposure makes Azure ineligible for the highest tiers of EU sovereign cloud procurement under France's SecNumCloud and the EU's SEAL-3 framework.Source: French Senate / SecNumCloud
Why is Russia targeting Microsoft 365 accounts in 2026?: APT28 (GRU Unit 26165) exploited home router vulnerabilities to hijack DNS and intercept Microsoft 365 OAuth token flows, targeting Microsoft 365 accounts of government and critical infrastructure organisations. The NCSC and FBI issued a joint advisory in April 2026.Source: NCSC / FBI advisory
What is the EU DMA investigation into Microsoft Azure about?: The European Commission opened a DMA cloud gatekeeper probe into Microsoft Azure in late 2025, examining whether Azure's practices restrict interoperability and raise switching costs for enterprise customers in the EU cloud market.Source: European Commission

Background

Microsoft is among the world's most valuable companies by market capitalisation, founded by Bill Gates and Paul Allen in 1975. Its Azure cloud platform competes directly with Amazon Web Services and Google Cloud for enterprise AI workloads. GitHub Copilot, its AI coding assistant, is the most widely adopted developer AI tool; Microsoft 365 Copilot embeds generative AI across its Office suite. The company's AI bet is the largest capital allocation in its history.

The European Commission opened DMA cloud gatekeeper probes against both Azure and AWS in late 2025, with the US administration countering via a Section 301 investigation branding the DMA rules as 'economic warfare.' Microsoft previously acknowledged before the French Senate that it could not guarantee French customer data held on Azure would never be disclosed under US legal orders — the same CLOUD Act exposure that led France's SecNumCloud to require explicit immunity from non-EU access as a sovereign qualification condition. Its CLOUD Act exposure makes it ineligible for the highest tiers of EU sovereign cloud procurement, a structural constraint that will persist regardless of quarterly revenue performance.

Microsoft posted a record quarter driven by AI cloud revenue in early 2026, with Azure growth accelerating as enterprises migrate workloads to its AI infrastructure.

Microsoft's enterprise ubiquity makes it a persistent attack surface across multiple adversary tracks. APT28 (GRU Unit 26165) exploited home routers to conduct credential theft targeting Microsoft 365 OAuth tokens, per an NCSC advisory backed by FBI. A 17-year-old Office Remote Code Execution vulnerability returned to CISA's Known Exploited Vulnerabilities catalogue in early 2026. Handala, an Iran-linked hacktivist group, wiped between 80,000 and 200,000 Stryker devices globally by exploiting a single stolen Microsoft Intune administrator credential in March 2026.

In April 2026, Microsoft issued out-of-band emergency patch KB5091157 for Windows Server 2016–2025, fixing LSASS reboot loops on Privileged Access Management-enabled domain controllers — a fault in a security-hardening configuration. The Intune credential-abuse precedent and the KB5091157 PAM-environment fault together underscore the attack surface that comes with Microsoft's position as the de facto identity and device management backbone for global enterprise.

Source Material

Official website Microsoft