Microsoft Intune in Focus as CISA Warns of Endpoint Cyberattacks After Stryker Breach

CISA has issued a new warning about rising cyber threats targeting enterprise systems. Yesterday, the agency confirmed that malicious activity is impacting endpoint management systems used by U.S. organizations (via Bloomberg). This comes after the March 11, 2026, cyberattack on Stryker Corporation, which reportedly affected its Microsoft environment.

Stryker breach pushes US agency to warn companies about Microsoft tool security

The update comes directly from CISA, which says it is now working with federal partners, including the FBI, to investigate the incident and identify additional threats. As of now, the agency hasn’t shared technical details about the attack. However, it notes that attackers are misusing legitimate endpoint management software, making these threats harder to detect.

To counter this, CISA is urging organizations to adopt Microsoft’s newly released best practices for securing Microsoft Intune. The agency says these principles can also be applied more broadly to other endpoint management tools. One of the key recommendations is to follow the principle of least privilege when assigning administrative roles.

Organizations are also advised to use role-based access control in Microsoft Intune. This ensures users only get the minimum permissions required for their tasks. In addition, CISA highlights the importance of enforcing phishing-resistant multi-factor authentication and stronger privileged access hygiene using Microsoft Entra ID features like Conditional Access and risk signals.

Another major recommendation from CISA involves enabling Multi Admin Approval. This adds an extra layer of security by requiring a second admin to approve high-impact actions, such as device wipes or configuration changes.

Other tech giants are taking cybersecurity seriously, with Google donating $12.5 million to combat AI-related threats. Meanwhile, Microsoft has added new security recommendations for Defender for Endpoint.