Microsoft Kills Defender VPN, It Was Just a Gimmick Anyway

This Week in IT, Microsoft shuts down its Defender VPN service, hackers are targeting ADFS, and the last Cumulative Update (CU) for Microsoft Exchange Server 2019 gets delayed for extended testing.

Links and resources

• Microsoft to kill off Defender VPN on February 28 • The Register
• Hackers Use Fake ADFS Login Pages to Steal Credentials
• Microsoft Extends Testing for Final Exchange Server 2019 Update
• Microsoft Entra Connect Sync Gets New Auditing Capabilities

Episode overview

This week’s IT news highlights Microsoft’s shutdown of its Defender VPN service, hacker attacks on ADFS, and delays in the latest cumulative update for Microsoft Exchange Server 2019.

• Microsoft Shuts Down Defender VPN Service: Microsoft has decided to discontinue its consumer version of the Defender VPN service, which was found to be limited in data transfer and speed, providing questionable security and privacy benefits.
• VPN Services and Security: VPN services are often marketed for security and privacy, but many do not provide significant benefits and can log user traffic, leading to potential data leaks.
• ADFS Targeted by Hackers: Hackers are creating spoof ADFS login pages to steal credentials and multi-factor authentication codes, prompting Microsoft to recommend moving to its cloud-based identity management service, Microsoft Enter ID.
• Delays in Exchange Server 2019 Update: The final cumulative update for Microsoft Exchange Server 2019 has been delayed due to extended testing needed for security updates that caused issues with transport rules and email services.