Turning up your cyber-security
Kinetics is busy rolling out an additional security protection for Kinetics KARE Foundation customers only, designed to stop a highly active and sophisticated phishing campaign currently targeting Microsoft 365 environments worldwide.
(This change is included in KARE Foundation subscriptions at no additional cost.)
These changes build on our recent inclusion of MDR and ITDR in all KARE Foundation Cyber-Security subscription plans.
This measure works quietly in the background and is focused on keeping customer accounts safe, with little to no impact on normal day‑to‑day work.
Why this change is being made
Over the past two weeks, security teams across the industry have observed a large‑scale phishing campaign affecting hundreds of Microsoft 365 tenants. This campaign uses advanced techniques, including:
- Device code phishing, which can trick users into approving sign‑ins without realising it
- Highly personalised, AI‑generated phishing messages, designed to look legitimate and evade email filtering
- Infrastructure hosted on commonly used cloud platforms, making the activity harder to spot
While the Kinetics KARE security monitoring has successfully detected this activity, the scale and effectiveness of the campaign prompted an additional preventative step — stopping known attacker infrastructure from authenticating at all.
What Kinetics is doing
For KARE Foundation customers, Kinetics is deploying a protective Microsoft 365 sign‑in policy that:
- Blocks authentication attempts coming from confirmed attacker infrastructure
- Applies across all Microsoft 365 services (Outlook, Teams, OneDrive, SharePoint, and more)
- Prevents access even if a username, password, or approval is mistakenly provided
This policy targets known malicious networks only. It does not block countries, regions, or legitimate users.
What this means for you as a user
You’re safer, even if a phishing message looks convincing
This additional layer of protection reduces the risk that:
- A single click
- A moment of uncertainty
- Or a very convincing phishing email
can turn into a full account compromise.
Even if credentials were exposed, sign‑ins from attacker‑controlled infrastructure are automatically blocked.
Little to no change to how you work
For most users, nothing will feel different:
- You’ll sign in the same way as before
- Your Microsoft 365 apps will work as normal
- There are no new prompts or steps added
This protection runs silently in the background.
If access is blocked
In rare cases, a user might see an access‑blocked message. This would only occur if a sign‑in attempt is coming from a network that has been positively identified as part of the active attack.
This is the system doing exactly what it’s designed to do — protect accounts before damage occurs.
What if you’re travelling?
Normal travel is not affected.
This protection:
- Is not based on location or country
- Does not block airports, hotels, home internet, or mobile networks
- Does not interfere with remote or hybrid work
Domestic and international travel should continue as usual.
In uncommon edge cases — such as using low‑quality or risky VPN or proxy services — access may be blocked if that service overlaps with known malicious infrastructure.
Who this applies to
✅ Kinetics KARE Foundation customers only
❌ Not applied to other Kinetics service tiers at this time
This scoped rollout allows Kinetics to provide enhanced protection where it is most appropriate, without unnecessary disruption.
In summary
- This is a preventative security measure
- It gives users additional protection from modern, AI‑driven phishing attacks
- It has minimal impact on everyday work
- It quietly blocks attackers, not people
If you have questions or encounter anything unusual while signing in, the Kinetics KARE team is ready to help.
