Microsoft has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. From a report: The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on cloud-hosted mailboxes of existing tenants between July and December 2025. As explained last year, this new Mailbox External Recipient Rate Limit was designed to prevent Microsoft 365 customers from abusing Exchange Online resources and to restrict unfair usage. However, on Tuesday, Microsoft announced that the Exchange Online bulk emailing rate limit is being canceled indefinitely, following negative customer feedback.

Read more of this story at Slashdot.

Microsoft's OneDrive cloud storage service has drawn renewed criticism for a particularly frustrating behavior pattern that can leave users without access to their local files after the service automatically activates during Windows updates. Author Jason Pargin recently outlined the problem: Windows updates can enable OneDrive backup without any plain-language warning or opt-out option, and the service then quietly begins uploading the contents of a user's computer to Microsoft's servers. The trouble begins when users attempt to disable OneDrive Backup. According to Pargin, turning off the feature can result in local files being deleted, leaving behind only a desktop icon labeled "Where are my files?" Users can redownload their files from Microsoft's servers, but attempting to then delete Microsoft's copies triggers another deletion of the local files. The only workaround requires users to hunt down YouTube tutorials that walk through the steps, as the relevant options are buried in menus and none clearly describe their function in plain English. Pargin compared the experience to a ransomware attack.

Read more of this story at Slashdot.

Des nouvelles de cette saloperie de Windows 11 : Non seulement Microsoft utilise des dark patterns pour inciter les utilisateurs à autoriser Microsoft à récupérer vos fichiers privés, mais en prime si vous supprimez vos fichiers de OneDrive, cela les supprime localement.
C'est en gros le fonctionnement d'un ransomeware: Il utilise de l'ingénierie sociale pour récupérer vos fichiers, et vous les fait perdre si vous essayez de vous échapper du système.
Franchement, si vous le pouvez, virez Windows.
(Permalink)

Le patron de Microsoft n'aime pas le terme "slop".
Comme beaucoup d'autres, je propose donc qu'on utilise "Microslop" à la place de "Microsoft".

Nadella n'est pas d'accord ? On s'en fou.
Lui il s'en fout bien totalement que les utilisateurs de ses produits ne veuillent pas d'IA. 🤷‍♂️
(Permalink)

Longtime reader joshuark shares a report: As spotted by Bluesky user DodgerFanLA, going to Office.com now greets you with the following helpful explainer: "The Microsoft 365 Copilot app (formerly Office) lets you create, share, and collaborate all in one place with your favorite apps now including Copilot.*" Never has an asterisk been more relevant to me than following the words "your favorite apps now including Copilot." About a decade ago, hardware company Corsair attempted to pivot from its classic logo -- a subtle trio of ship sails -- to a newer, edgier look, a pair of crossed swords that gave off regrettable '2000s tribal tattoo' energy. The rebrand didn't last long: after a fierce outcry from people who correctly thought the new logo sucked, Corsair swapped to a refreshed take on the sail logo, which it's been using ever since. Corsair was established in 1994, and made about $1.4 billion last year -- which I bring up because today Microsoft, a slightly bigger company, has slipped on its own rebranding banana peel. The company is seemingly all but ditching the Office name -- which it introduced four years before Corsair existed, and which drove more than $30 billion in revenue just last quarter -- with a catchy new name: "Microsoft 365 Copilot app." The company had already downplayed the Office name, despite it being perhaps the most universally recognized software in existence, by renaming its cloud version of Word, Powerpoint, etc. Office 365 in 2010, then Microsoft 365 in 2017. Now when you want to open up a Word document, you can get to them by launching the Microsoft 365 Copilot app. Intuitive! Should Microsoft just go ahead and rebrand Windows, the only piece of its arsenal more famous than Office, as Copilot, too? I do actually think we're not far off from that happening. Facebook rebranded itself "Meta" when it thought the metaverse would be the next big thing, so it seems just as plausible that Microsoft could name the next version of Windows something like "Windows with Copilot" or just "Windows AI." Copilot is the app for launching the other apps, but it's also a chatbot inside the apps. Any questions? Correction: Office hasn't been renamed to "Microsoft 365 Copilot app." The Verge adds: The confusion comes from Microsoft's own Office.com domain, which for the past year has acted as a way to push businesses and consumers to use the Microsoft 365 Copilot app. This app is a hub app that provides access to Copilot, as well as all the Office apps. Microsoft used to call this app simply Office, before the company rebranded Office to Microsoft 365 in 2022. If you visit Office.com you'll see a big welcome to the Microsoft 365 Copilot app, and a note from Microsoft that would confuse anyone not following the company's confusing branding: "The Microsoft 365 Copilot app (formerly Office)..." That mention of "formerly Office" is Microsoft referring to the very old Office app that launched in 2019 as a way to try and convince people to use online versions of Word, Excel, and PowerPoint. Until a year ago it used to be called the Microsoft 365 app. Microsoft then announced it was rebranding its Microsoft 365 app in November 2024 to a Copilot one, which I and everyone else were very confused at. The new app icon and name -- Microsoft 365 Copilot -- then rolled out on January 15th last year to Windows, iOS, and Android users.

Read more of this story at Slashdot.

« Que se passe-t-il en ce moment avec Windows 11 ? Depuis quelques mois, Microsoft semble accumuler les boulettes, dans une avalanche de problèmes techniques, alors même que Windows 10 n’a plus de support. Les annonces sur l'IA et la montée en puissance de Linux sur les jeux n'arrangent pas la situation. »

Voir aussi : https://www.windowscentral.com/microsoft/windows-11/2025-has-been-an-awful-year-for-windows-11-with-infuriating-bugs-and-constant-unwanted-features
(Permalink)

Microsoft veut virer le C/C++ de ses produits et tout réécrire en Rust.
Wokay.
Mais tu ne réécris pas des centaines de millions de lignes de code, avec toutes leurs quirks, en étant sûr que ça aura le même comportement, en claquant des doigts.

Ah oui pardon il y a l'IA magique.

"‘1 engineer, 1 month, 1 million lines of code."
Je ne vois pas comment ça peut être viable.
Je prédis une augmentation des problèmes dans les produits Microsoft.
Fuyez !
(Permalink)

« Mais en coulisses, les employés racontent une tout autre histoire : l'entreprise chercherait à remplacer autant d'emplois que possible par des agents d'IA. Pourtant, les développeurs affirment que l'IA de Microsoft est loin d'être fiable. »
Tarés. Ils sont tarés.

Ce qui est certain avec ça, c'est que les anciens de Microsoft - ceux qui connaissent vraiment bien les produits et les font tourner - vont vouloir fuire. Et devinez quoi ?
« Trois cadres de Microsoft ont déclaré que Rajesh Jha, responsable de longue date d'Office et de Windows, envisageait de prendre sa retraite. Des initiés évoquent également la possibilité que Charlie Bell, qui dirige la cybersécurité chez Microsoft, prenne sa retraite. »

Fuyez les produits de cette boîte !
(Permalink)

Microsoft's latest holiday ad for its Copilot AI assistant features a 30-second montage of users seamlessly syncing smart home lights to music, scaling recipes for large gatherings, and parsing HOA guidelines -- none of which the software can actually perform reliably when put to the test. The Verge methodically tested each prompt shown in the ad and found that Copilot repeatedly hallucinated interface elements that didn't exist, claimed to highlight on-screen buttons when it hadn't, and abandoned calculations midway through. The smart home interface shown in the ad belongs to "Relecloud," a fictional company Microsoft uses in internal case studies. A Microsoft spokesperson confirmed that both the HOA document and the inflatable reindeer photo were fabricated for the advertisement. The ad closes with Santa Claus asking Copilot why toy production is behind schedule. Further reading: Talking To Windows' Copilot AI Makes a Computer Feel Incompetent.

Read more of this story at Slashdot.

LG said it will let owners of its TVs delete Microsoft's Copilot shortcut after several reports highlighted the unremovable icon. In a statement to The Verge, LG says the company "respects consumer choice and will take steps to allow users to delete the shortcut icon if they wish." From the report: Last week, a user on the r/mildlyinfuriating subreddit posted an image of the Microsoft Copilot icon in their lineup of apps on an LG TV, with no option to delete it. "My LG TV's new software update installed Microsoft Copilot, which cannot be deleted," the post says. The post garnered more than 36,000 upvotes as people grow more frustrated with AI popping up just about everywhere. Both LG and Samsung announced plans to add Microsoft's Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS. [LG spokesperson Chris De Maria] clarifies that the icon is a "shortcut" to the Microsoft Copilot web app that opens in the TV's web browser, rather than "an application-based service embedded in the TV." He also adds that "features such as microphone input are activated only with the customer's explicit consent." There's no word on when LG will roll out the ability to delete the Copilot icon.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

Microsoft has announced that it will raise prices on its Microsoft 365 productivity suites for businesses and government clients starting in July 2026, marking the first commercial price increase since 2022. Small business and frontline worker plans face the steepest hikes: Business Basic jumps 16.7% to $7 per user per month, while frontline worker subscriptions surge up to 33%. Enterprise plans see more modest bumps, ranging from 5.3% for E5 to 8.3% for E3. Microsoft attributed the increases to more than 1,100 new features added to the suite, including AI-driven tools and security enhancements. Copilot remains a separate $30-per-month add-on.

Read more of this story at Slashdot.