CISA issues cyberattack alert, recommendations

On March 18, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026, cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected its Microsoft environment.

To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions.

To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software:

  • Use principles of least privilege when designing administrative roles.
  • Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene.
  • Configure access policies to require Multi Admin Approval in Microsoft Intune.

Source: CISA
