Arch Technologies

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code. That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA. The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page. The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment. They now have a valid access token tied to your account. They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale. To shut this attack down inside your business:

✅Block device code authentication flow in Entra ID for users who don't need it. This protocol was designed for devices with limited input, which most office staff don't use. Open Conditional Access and create a policy that blocks device code flow by default.

✅Train your team. Microsoft will never email you a verification code to enter on its login page. If a user gets an email instructing them to enter a code into
login.microsoftonline.com, the email is phishing, no matter how legitimate the sender looks.

✅Use phishing-resistant MFA where possible, like FIDO2 hardware keys or Windows Hello for Business.

Authenticator app prompts are better than nothing, but they don't protect against this specific technique.

If you don't know how to do these things, let us know and we’ll help you out.

A new study shows that 73% of people are choosing tech that lasts over flashy new upgrades. The "death of the flex" means we value reliability more than ever. Do you prioritize a device that works perfectly or one that has the newest features?


https://www.pcmag.com/articles/death-of-the-flex-why-73-percent-stick-with-old-tech-over-fancy-upgrades

Sorry, Big Tech: 73% of People Don't Care About Fancy Upgrades. Here's What They Really Want Splashy launches and minimal improvements are no longer doing it for consumers. Our survey shows that they're holding onto their devices as long as they still work.

Over 220 zettabytes of data will be created this year alone. Managing that much information requires smarter organization, not just bigger hard drives. How are you keeping your digital files organized in this age of information overload?

Amount of Data Created Daily (2026) Statistics related to data creation per day and over time.

Tablets have officially become the standard interface for everything from hospital bedsides to construction sites. Digital charting and mobile signatures are saving hours of manual entry. How could going mobile-first improve your team's workflow?

From Presentations to Point-of-Sale: How Businesses Use Tablets Daily - IT Supply Chain From Presentations to Point-of-Sale: How Businesses Use Tablets Daily By Mike Bronson (pictured) Content Writer 1,844 ViewsTablets have changed how companies operate in almost every industry. These slim devices are no longer just for personal entertainment or checking emails on the go. Today, they s...

Identity security is now the top target for attackers, with identity-based methods used in 65% of recent breaches. Tools like BloodHound are becoming essential for closing security gaps. Is your company network fully protected against credential abuse?

As Identity Becomes the Target, MSSPs Inherit the Risk – SpecterOps Extends BloodHound Enterprise Reach The attack path management vendor is extending its solution's capabilities to Okta, Microsoft, and ServiceNow as identity becomes central to cybersecurity.

Managed security is evolving to catch phishing sites faster using fine-tuned AI models. As hackers get smarter, your defense systems have to keep up. How often does your team participate in security training to spot the latest online scams?


https://www.helpnetsecurity.com/2026/04/17/immuniweb-updates-q1-2026/

44.229.4.254

Microsoft is overhauling how it tests new Windows features to get feedback faster and reduce bugs in the final versions. A more stable operating system means fewer headaches for you. What is the one Windows feature you wish they would fix first?

Windows 11 testing is going back to the future with new Insider plans Microsoft is bringing back the feel-good vibes of Windows 10 with a new approach to its Insider channels as well as in-person meetups throughout the coming months.

The latest Windows 11 updates are finally making it easier to manage your account and security settings in one place. Staying secure shouldn't be a chore for business owners. Have you explored the new account dashboard on your work PC yet?

Windows 11 cumulative updates KB5083769 & KB5082052 released Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features.

The one Outlook rule you need to set to save yourself from awkward conversations is called "delay delivery." You set it once in classic Outlook, and from that point on every email you send sits in your Outbox for a specific time (that you set) before it leaves.

If you spot a typo, realize you sent the wrong attachment, or wrote something in frustration you wish you hadn't, you can have a standard 2-minute delay to give you enough time to stop it. Just delete the email from your Outbox before the timer runs out.

To set it up in classic Outlook:
1. Go to File > Manage Rules & Alerts

2. Click "New Rule" and pick "Apply rule on messages I send"

3. Skip past the conditions so it applies to every email

4. Check "defer delivery by a number of minutes" and set it to 2

5. Save the rule

This is better than Outlook's built-in "Recall" feature, because it works every single time.