CISA Warns on Intune Risks After Stryker Breach, Calls for Tighter Controls
After Stryker’s March 11 breach targeting its Microsoft environment, CISA issued an urgent advisory urging organizations to harden endpoint-management configurations and adopt Microsoft’s new Intune security best practices. The alert notes attackers abusing legitimate endpoint-management tools to gain privileged access and move laterally. Key mitigations include implementing least-privilege RBAC, phishing-resistant MFA with Entra ID and Conditional Access, reviewing Privileged Identity Management for just-in-time access, enabling Multi-Admin Approval for sensitive operations, and aligning with Zero Trust principles across Intune and connected Microsoft services.