Monday, June 15, 2026

Microsoft Copilot Service Disruption — June 11, 2026 Deployment Rollback

Microsoft 365 Copilot Chat and portal.office.com access were disrupted on June 11 after a bad deployment caused degraded authentication token issuance; Microsoft reverted to a previous build and declared full restoration by late afternoon Pacific time. This was the second Copilot disruption in June 2026, highlighting Copilot's growing role as an operational dependency in M365 E5 environments. Workaround during outages: direct users to classic Office apps and monitor the M365 Service Health Dashboard (look for 'CPL' advisories).

June 2026 Microsoft Security Rollup: Critical Updates for Azure PIM, AKS, Azure Stack HCI and More

On June 9, 2026, Microsoft's monthly security rollup included critical patches for Azure Connected Machine Agent, Azure Kubernetes Service, Azure Privileged Identity Management (PIM), Azure Stack Edge, Azure Stack HCI, Azure Logic Apps, and M365 Copilot for Desktop. MSPs managing Azure hybrid and cloud environments should prioritise these updates, particularly for internet-facing AKS clusters and any deployment using Azure PIM for privileged access control. No workaround is available for most of these — patching is the only remediation.

Microsoft Copilot Suffers Second June Outage — Resolved by Rolling Back Build

Microsoft's Copilot AI services suffered a second outage in June 2026, with users reporting access failures, timeout errors, and broken Copilot Chat sessions. Microsoft resolved the incident by reverting to a previous build. Workaround during future outages: revert to native Office app functions (Word, Outlook) and disable Copilot-dependent automated workflows until service health is confirmed.

Microsoft Azure Entra ID Authentication Outage Cascades Across M365 Services

A prior major M365 outage pattern in 2026 showed that Azure AD/Entra ID authentication layer failures cause cascading failures across Outlook, Teams, SharePoint, OneDrive, and Microsoft Defender simultaneously — pointing to a shared single point of failure in the identity layer. Microsoft has not publicly committed to a specific remediation programme for the sequence of 2026 incidents. MSPs should ensure clients have offline MFA backup codes and documented break-glass procedures for Entra ID outage scenarios.

CVE-2026-41091 (RedSun): Microsoft Defender Zero-Day Under Active Exploitation — Auto-Update May Not Be Enough

CVE-2026-41091 (RedSun) is a Microsoft Defender EoP zero-day confirmed as actively exploited in the wild, disclosed on April 15, 2026, with a PoC published May 13 before a patch shipped June 9. While Defender typically self-updates, organisations running Defender in isolated or air-gapped environments must manually update to the latest definitions and engine version immediately. Multiple independent researchers were credited, indicating widespread active exploitation.

CVE-2026-49975 ('HTTP/2 Bomb'): Unpatched DoS Against Default IIS and Web Server Configs

CVE-2026-49975, dubbed 'HTTP/2 Bomb,' became public knowledge the week of June 9 and Microsoft has not yet directly addressed this HTTP/2 denial-of-service vulnerability, which trivially crashes multiple web server platforms including Microsoft IIS in default configurations. The flaw allows uncontrolled resource consumption over a network and Microsoft assesses exploitation as 'more likely.' Workaround: review HTTP/2 configuration on exposed IIS servers and consider disabling HTTP/2 until a patch is available.

Seven Critical RCEs Patched in Windows Remote Desktop Client — Exploitation 'More Likely' for CVE-2026-42985

Microsoft patched seven critical Remote Desktop Client RCE vulnerabilities in June Patch Tuesday, with CVSS scores up to 8.8. CVE-2026-42985 is rated 'Exploitation More Likely' and allows heap-based buffer overflow via a malicious RDS server that a victim connects to. Workaround: prevent users from connecting to untrusted Remote Desktop servers and restrict RDP exposure at the firewall until patching is complete.

Pax8 Managed Intelligence Toolkit Enters Q2 2026 Availability — Agentic AI for MSP-SMB Delivery

Pax8's Managed Intelligence Toolkit, announced at its 2025 Beyond conference for Q2 2026 release, integrates Model Context Protocol (MCP) into its Marketplace APIs to allow Microsoft Copilot agents to interact directly with the Pax8 commerce catalog on behalf of MSPs. The platform is designed to let MSPs orchestrate and scale agentic AI automation across SMB customers from a unified environment. MSPs on Pax8 should review the toolkit's availability and pilot readiness now.

SentinelOne Flags 'Massive MSSP Opportunities' in APAC — CRN Australia Coverage

SentinelOne has publicly identified large MSSP growth opportunities across the APAC region in 2026, with CRN Australia reporting on the vendor's channel push targeting Australian and regional managed security service providers. This signals increased vendor investment and potentially new partner programme benefits for Australian MSSPs looking to expand their security service offerings. MSPs interested in SentinelOne's APAC MSSP programme should engage their distributor or SentinelOne channel team for details.

DXC Technology Worker Speaks Out on Underpayment — AU Channel Labour Compliance in Focus

CRN Australia is reporting on a DXC Technology worker publicly alleging underpayment, raising broader compliance and labour law questions for the Australian IT channel. This follows increased Fair Work scrutiny of IT services firms and has implications for MSPs that subcontract or engage field technicians under EBAs or Awards. Australian MSPs should review contractor and casual worker pay classifications against current Fair Work rates to avoid exposure.