The Cybersecurity and Infrastructure Security Agency has warned of ongoing malicious cyber activity targeting endpoint management systems and urged organizations to strengthen configurations against potential threats.
The latest CISA alert underscores the growing urgency for organizations to strengthen endpoint security and defend against evolving cyberthreats. Timely discussions around cybersecurity strategies continue across government and industry. Reserve your spot at the 2026 Cyber Summit and be part of the conversation on May 21.
The alert follows a March 11 cyberattack on medical technology company Stryker that disrupted its global network and affected its Microsoft environment, CISA said Wednesday.
What Are the Best Practices to Help Strengthen Microsoft Intune Protections?
CISA outlined several measures organizations should adopt to reduce risk and prevent unauthorized activity, including applying least privilege principles and using Microsoft Intune’s role-based access control to limit permissions and scope of access.
Microsoft Intune is a cloud-based unified endpoint management platform designed to help IT teams manage and secure applications and devices.
The agency also urged organizations to enforce phishing-resistant multifactor authentication, strengthen privileged access controls using Microsoft Entra ID tools and require multi-admin approval for high-risk actions such as device wipes and configuration changes.
CISA also directed organizations to Microsoft and federal resources for broader guidance on securing Intune, implementing zero trust principles and strengthening identity and access management controls.
What Did Acting CISA Director Nick Andersen Say About Efforts to Address the Cyberattack?
Acting CISA Director Nick Andersen said the agency has been working directly with Stryker alongside federal partners to respond to the incident, Nextgov/FCW reported Tuesday.
“We’ve engaged with them. Our teams have worked with them, as well as some of the FBI teams, and our regional personnel have been engaged with them,” Andersen told reporters after speaking at a McCrary Institute event on Tuesday.
He did not provide additional updates but added that CISA is continuing to work with sector-based industry groups on foreign cyberthreats.
