recent inclusion of MDR and ITDR<\/a> in all KARE Foundation Cyber-Security subscription plans.<\/p>\nThis measure works quietly in the background and is focused on keeping customer accounts safe, with little to no impact on normal day\u2011to\u2011day work.<\/p>\n
Why this change is being made<\/h3>\n
Over the past two weeks, security teams across the industry have observed a large\u2011scale phishing campaign affecting hundreds of Microsoft 365 tenants<\/strong>. This campaign uses advanced techniques, including:<\/p>\n\n- Device code phishing<\/strong>, which can trick users into approving sign\u2011ins without realising it<\/li>\n
- Highly personalised, AI\u2011generated phishing messages<\/strong>, designed to look legitimate and evade email filtering<\/li>\n
- Infrastructure hosted on commonly used cloud platforms, making the activity harder to spot<\/li>\n<\/ul>\n
While the Kinetics KARE security monitoring has successfully detected this activity, the scale and effectiveness of the campaign prompted an additional preventative<\/strong> step \u2014 stopping known attacker infrastructure from authenticating at all.<\/p>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
What Kinetics is doing<\/span><\/h2>\nFor KARE Foundation customers<\/strong>, Kinetics is deploying\u00a0 a protective Microsoft 365 sign\u2011in policy that:<\/p>\n\n- Blocks authentication attempts coming from confirmed attacker infrastructure<\/strong><\/li>\n
- Applies across all Microsoft 365 services<\/strong> (Outlook, Teams, OneDrive, SharePoint, and more)<\/li>\n
- Prevents access even if a username, password, or approval is mistakenly provided<\/li>\n<\/ul>\n
This policy targets known malicious networks only<\/strong>. It does not block countries, regions, or legitimate users.\u00a0<\/p>\n <\/p>\n
<\/h2>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.6" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_image src="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2026\/03\/365Security400.jpg" title_text="365Security400" _builder_version="4.27.6" _module_preset="default" border_radii="on|10px|10px|10px|10px" border_width_all="1px" box_shadow_style="preset1" global_colors_info="{}" theme_builder_area="post_content"][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version="4.27.6" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_column type="4_4" _builder_version="4.27.6" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_text _builder_version="4.27.6" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"]<\/p>\n
<\/h2>\nWhat this means for you as a user<\/h2>\nYou\u2019re safer, even if a phishing message looks convincing<\/h3>\nThis additional layer of protection reduces the risk that:<\/span><\/h2>\n\n- A single click<\/li>\n
- A moment of uncertainty<\/li>\n
- Or a very convincing phishing email<\/li>\n<\/ul>\n
can turn into a full account compromise.<\/p>\n
Even if credentials were exposed, sign\u2011ins from attacker\u2011controlled infrastructure are automatically blocked.<\/p>\n
Little to no change to how you work<\/h3>\n
For most users, nothing will feel different<\/strong>:<\/p>\n\n- You\u2019ll sign in the same way as before<\/li>\n
- Your Microsoft 365 apps will work as normal<\/li>\n
- There are no new prompts or steps added<\/li>\n<\/ul>\n
This protection runs silently in the background<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
<\/p>\n
If access is blocked<\/h3>\n
In rare cases, a user might see an access\u2011blocked message. This would only occur if a sign\u2011in attempt is coming from a network that has been positively identified as part of the active attack.<\/p>\n
This is the system doing exactly what it\u2019s designed to do \u2014 protect accounts before damage occurs<\/strong>.<\/p>\nWhat if you\u2019re travelling?<\/h3>\n
Normal travel is not affected<\/strong>.<\/p>\nThis protection:<\/p>\n
\n- Is not based on location or country<\/strong><\/li>\n
- Does not block airports, hotels, home internet, or mobile networks<\/strong><\/li>\n
- Does not interfere with remote or hybrid work<\/strong><\/li>\n<\/ul>\n
Domestic and international travel should continue as usual.<\/p>\n
In uncommon edge cases \u2014 such as using low\u2011quality or risky VPN or proxy services \u2014 access may be blocked if that service overlaps with known malicious infrastructure.<\/p>\n
Who this applies to<\/p>\n
\u2705 Kinetics KARE Foundation customers only<\/strong>
\u274c Not applied to other Kinetics service tiers at this time<\/p>\nThis scoped rollout allows Kinetics to provide enhanced protection where it is most appropriate, without unnecessary disruption.<\/p>\n
In summary<\/h2>\n\n- This is a preventative security measure<\/strong><\/li>\n
- It adds additional protection for users from modern, AI\u2011driven phishing attacks<\/li>\n
- It has minimal impact on everyday work<\/li>\n
- It quietly blocks attackers, not people<\/li>\n<\/ul>\n
If you have questions or encounter anything unusual while signing in, the Kinetics KARE team is ready to help.<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"
Turning up your cyber-security Kinetics is busy rolling out an additional security protection for Kinetics KARE Foundation customers only, designed to stop a highly active and sophisticated phishing campaign currently targeting Microsoft 365 environments worldwide.\u00a0 (This change is included in KARE Foundation subscriptions and there is no additional cost).\u00a0 These changes build out further on […]<\/p>\n","protected":false},"author":5,"featured_media":16130,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-16129","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/16129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16129"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/16129\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}