Microsoft is ending any grace period for all subscriptions

Microsoft will remove any grace period for all expired subscriptions, including Microsoft 365, from 4 May 2026. This means you will need to take action and/or make payment in advance of a subscription’s end date, to ensure the subscription and its services continue.

Microsoft previously offered a short grace period where services continued to be available and renewal was still possible after a subscription had expired. This allowed some flexibility and time to make belated decisions regarding accounts, licenses, etc.

This grace period will now be replaced by a paid option, the Extended Service Term (EST), where services can remain active after a subscription expires only at additional cost. Under EST, subscriptions are billed at the monthly uplift rate of the license(s) at ~20% plus a further 3% surcharge. For license(s) without a monthly plan available the surcharge is 23%.

From 4 May 2026, organisations will need to choose from the following options at the end of a subscription term:

  • Renew the subscription and ensure payment is made before the renewal date
  • Cancel the subscription with the service stopping immediately at the renewal date
  • Move to Extended Service Term (EST) with surcharges applied

The removal of the grace period means that subscription management now requires more proactive planning and payment to be made in advance of the renewal date in order to avoid losing access to services and incurring unwanted surcharges.

Please note that Microsoft has recently revised the original enforcement date, moving it from 1 April 2026 to 4 May 2026. The overall process and intention remain unchanged.

Read More

Important update about Microsoft licenses pricing, July 2026

Important update about Microsoft licenses pricing, July 2026

Microsoft will be making changes to their pricing model, effective 1 July 2026, which will impact all licenses. This includes core Microsoft 365 licenses, such as Business Basic, Business Standard, and Business Premium.

Please be advised that from 1 July, Microsoft will increase their prices impacting new subscriptions and subscription renewals from and after this date. This includes discounted (e.g. nonprofit) as well as commercial licenses. Pricing will continue to be fixed and protected throughout annual subscription terms.

Currently Microsoft’s pricing changes are only available in USD ($), and these are an increase of circa 12–17%. Microsoft practices regional pricing, and the changes in GBP (£) are not yet available. We will update this page once this has been made available by Microsoft.

The top tier provider’s explanation for these price changes lies in the addition of new features into core plans. Microsoft says their suites of services will be materially more valuable and customers are being provided with enhanced capabilities. These include:

  • Integrating Copilot Chat directly into Word, Outlook, Teams etc; instead of it being a paid add-on
  • Including security measures such as URL checks as standard; which are currently premium features
  • Adding a further 50GB email storage per license; which is currently a paid addition

Microsoft continues to review their pricing globally on a twice yearly basis, which could mean the next potential change is in January 2027. Using annual subscriptions wherever possible will help maintain consistent pricing and predictability for at least one year.

We will update this post (and our Microsoft 365 listings) as and when we receive further updates on regional pricing.

Read More

Discounted subscriptions and longer trials for Squarespace

Discounted subscriptions and longer trials for Squarespace

We are pleased to share that we continue to be recognised as a Squarespace Partner and can provide our clients with exclusive features and discounts.

This status highlights our expertise in using, deploying, and supporting the Squarespace platform. As an official Partner, we can offer clients the following benefits:

  • 10% off the first year of a new subscription
  • Extended 3-month free trials, allowing more time to refine and perfect before launch
  • Priority support, ensuring faster resolution of queries or issues
  • Early access to new features, so you can use the latest innovations

For more information or to discuss your next project, please get in touch.

Read More

Ten predictions for AI in cyber security for 2026

Ten predictions for AI in cyber security for 2026

1. AI-driven phishing becomes indistinguishable from humans
LLMs enable mass-produced, highly personalised phishing emails that accurately mimic tone, context, and writing style. Traditional “spot the bad grammar” tactics stop working.

2. Deepfakes undermine trust at scale
AI-generated voices and video will be used to impersonate executives, staff, and suppliers—authorising payments, issuing instructions, or spreading false information. Verification, not familiarity, becomes critical.

3. Autonomous malware adapts in real time
Malware increasingly uses AI to mutate code, evade detection, and adapt mid-attack. Signature-based antivirus can’t keep up; behaviour-based and adaptive defences become mandatory.

4. Prompt injection and AI-targeted attacks
Attackers will actively target AI systems—tricking agents into leaking data, making unsafe decisions, or executing harmful actions. Securing AI becomes as important as securing identities and endpoints.

5. AI lowers the barrier to entry for cybercrime
With LLMs, attackers no longer need deep technical skill. Phishing, malware, and social engineering can be launched faster, cheaper, and at scale by almost anyone.

6. AI-powered threat detection becomes essential
Security platforms must use machine learning to detect anomalies, correlate weak signals, and identify attacks early. Organisations of all sizes will need AI-driven detection to counter AI-driven threats.

7. AI transforms defensive testing
Autonomous agents can simulate realistic AI-powered attacks, allowing organisations to test defences continuously—not just during annual penetration tests.

8. Autonomous SOCs become the norm
AI agents handle first-line security: alert triage, correlation, and initial containment. Human teams move up the stack, managing response playbooks instead of chasing alerts.

9. LLM assistants amplify security teams
AI assistants draft incident reports, analyse logs, and support faster decision-making. Small teams can operate with the speed and effectiveness of much larger ones.

10. Zero Trust evolves under AI pressure
Trust models must expand beyond users and devices. Every identity, message, and system interaction is verified by default, using behavioural signals, provenance checks, and out-of-band confirmation.

Read More

End of support for Wemo smart home products on 31 January 2026

End of support for Wemo smart home products on 31 January 2026

Manufacturer Belkin has announced that it will discontinue support for the majority of its Wemo consumer smart home products on 31 January 2026.

After this date, affected products will no longer connect to Belkin’s cloud services or operate through the Wemo mobile app. Therefore, all features that rely on cloud connectivity (via Google Home and Alexa, not just the Wemo app), such as remote access and voice assistant integrations, will no longer work.

This impacts Belkin’s Wemo range of smart plugs, switches, dimmers and other connected home devices, which have been widely used for more than a decade. It will particularly affect those with devices permanently installed into walls or integrated into household wiring. While plug-in smart plugs can be replaced relatively easily (although this will incur the cost of new hardware), in-wall products may require professional installation and additional cost to remove or replace.

Only a small number of Wemo devices will continue to function normally via Apple HomeKit. The company has published a list of these unaffected models here.

It may be possible to configure some other products for use with Apple HomeKit before 31 January 2026. This would allow users to maintain basic functionality without Belkin’s cloud infrastructure or app. You can see the full list of affected products and their compatibility with HomeKit on Belkin’s website.

Belkin has acknowledged that the change will disrupt existing smart home setups. However, it has not provided a clear reason for ending Wemo consumer support. Belkin is a major global networking and consumer electronics manufacturer, making its withdrawal from the consumer smart home cloud market notable at a time when many competitors are expanding their range.

It should also be noted that the announcement followed a significant Wemo service outage at the end of 2025. This temporarily disrupted access to devices and prompted questions about the long-term stability and security of the platform. There has thus been speculation regarding the underlying factors which have influenced Belkin’s decision, including the concerns raised by this service disruption. And, although there is currently no indication that Belkin has experienced a breach, security researchers previously disclosed a serious unpatched vulnerability affecting certain Wemo devices. This has further fuelled speculation that a security incident may have been a factor in the decision.

Read More

NCSC ending Web Check and Mail Check in March 2026

NCSC ending Web Check and Mail Check in March 2026

The National Cyber Security Centre (NCSC) has announced that its Web Check and Mail Check services will be retired on 31 March 2026. This marks the end of nearly a decade of free scanning and monitoring offered by the UK Government for common web and email security threats and vulnerabilities. Organisations will need to have an alternative in place before the end of March when findings and alerts from Web Check and Mail Check will cease.

Since 2017, Web Check and Mail Check have supported UK organisations in identifying email security weaknesses, website misconfigurations, and exposed or vulnerable services. However, the External Attack Surface Management (EASM) landscape has evolved significantly in the intervening years. Whilst the free government tools were intentionally simple, EASM platforms now provide more sophisticated monitoring such as: continuous mapping of internet-facing assets and analysis of vulnerabilities; monitoring configuration drift across domains, certificates, and services; assessing email security controls and configuration. They also address modern risks and threats that have developed since Web Check and Mail Check were established.

Given the depth and breadth of these platforms, the NCSC states that continued operation of Web Check and Mail Check duplicates capabilities which are available (and more comprehensively so) elsewhere. They are thus refocusing resources on other projects.

What action do you need to take?

Organisations will need to transition to other tools. It is strongly recommended to adopt an EASM solution in advance of the NCSC’s retirement date on 31 March 2026. It is crucial that organisations continue to monitor attack surfaces, domain reputations, email compliance, and other potential vulnerabilities.

We provide ongoing vulnerability scanning services as well as offering penetration testing for comprehensive reviews. For email compliance alone, we provide reputation monitoring, compromise monitoring (including dark web), and managed support for all the key compliance standards: Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF). You can read more about DMARC and why you need it to prevent spoofing, phishing, and misdelivery in this article.

Please get in touch to add proactive security services and monitoring for your organisations. You can also find out about our suite of Cyber Security services here.

Read More

Closing dates for Christmas and New Year 2025/26

Closing dates for Christmas and New Year 2025/26

Our office will be closed for the holidays from 12pm on Friday 19 December through to 9am on Monday 5 January.

Our last day will be the morning of Friday 19 December 2025, and we will be back on Monday 5 January 2026. Please note that support is not rendered on public holidays.

Whilst we are closed, support is only available for organisations with infrastructure, hosting and/or Support Agreements – please raise a ticket at directionforward.com/support. No other contact methods (including phone lines, emails, texts, messaging apps etc) will be monitored during this time.

Thank you for your understanding. Sending you all the warmest holiday wishes!

Read More

AI web browsers are now available

AI web browsers are now available

In October 2025, OpenAI launched Atlas, whilst Perplexity made Comet free to use, removing the $200 monthly subscription fee. Google is now also offering its Chrome browser augmented with Gemini AI.

Unlike traditional browsers, these integrate AI capabilities directly into the browsing environment. They can summarise content, answer questions in context and, in some cases, act semi-autonomously to perform tasks such as research or shopping for the user.

ChatGPT Atlas

OpenAI’s Atlas extends ChatGPT into a browser, although it is currently limited to modern Mac users (those running macOS with Apple Silicon) and not universally available. It leverages existing ChatGPT technology to analyse or summarise webpages or extract key data, allowing users to ask a question and interact with the chatbot without switching between windows. In the preview Agent Mode, the browser is also able to take limited autonomous actions on the user’s behalf.

OpenAI insists that browsing data is not used for AI training unless users opt in, but questions remain about what contextual information the system retains during a session. Atlas has also faced scrutiny following a reported security vulnerability (CVE) involving session persistence.

Comet

Perplexity’s Comet browser is now generally available and free to use. Unlike Atlas, it was designed as an AI-first browser rather than a conventional one with added tools. Built on Chromium, it integrates Perplexity’s search and reasoning engine throughout. Users can pose questions about any open page, compile summaries across tabs and automate repetitive research.

However, Comet’s deep integration also magnifies attack surfaces. Because the model interprets text directly from webpages, there is a risk of prompt injection i.e. where malicious actors embed hidden instructions to manipulate the model’s behaviour, exfiltrate data or trigger unwanted actions. Combined with uncertainties about how Perplexity stores or filters browsing data, these issues highlight the overlap between AI safety and cybersecurity.

Chrome with Gemini

Instead of creating a new product, Google has embedded Gemini directly into Chrome on macOS and Windows. Users can now activate an ‘AI mode’ in the address bar to generate summaries, explanations or navigation prompts. Google emphasises that this operates within its existing security framework, including Enhanced Safe Browsing and automatic credential protection.

Yet underlying risks remain: Chrome’s scale ensures rapid adoption, but it could also multiply exposure if vulnerabilities do emerge.

Overall, the distinction between searching with AI and asking AI to search seems uncertain. Embedding a model within the browser may assist professionals and specialists (e.g. buyers, analysts, researchers) handling large volumes of information or very specific tasks, but general users may find the gain in speed or clarity to be marginal.

The emergence of agentic capabilities in AI browsers is a more interesting technical prospect: Agent Modes promise to string actions together, navigate interfaces, and make decisions under broad user intent. This could similarly prove useful for specific, repetitive tasks, but currently seems less useful for general browsing. They also expose the brittleness of current models. Minor ambiguities in a prompt or webpage can cause the agent to pursue the wrong objective, loop indefinitely, or trigger actions that exceed what the user intended. For now, agentic behaviour is an interesting prospect but currently far from reliable.

The most significant impact may lie in data and security. While mitigations exist, the risk is inherent to any AI operating at this level of access. AI browsers mediate both what users read and what the models see, merging personal browsing data with cloud inference. Yet none of these providers have fully demonstrated the necessary transparency, safeguards and opt-outs for us to underestimate the importance of both security and privacy risks.

Read More

Downloaded files will no longer auto preview in Windows

Please be advised that Microsoft is disabling auto preview of files downloaded from the internet in File Explorer.

This is a security measure designed to stop exploitations and attack routes automatically running when files such as PDFs (which can contrain scripts and links) are automatically previewed (which is similar to automatically opening the file).

Preview functionality will be disabled by default for all files marked as originating from the web. If you see the following message in File Explorer then you are seeing this new behaviour: The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.

If you are confident in the safety of both the file and its source, you can remove the internet security block – right-click the file in File Explorer, select ‘Properties’, and then select ‘Unblock’. We have also had reports that if you manually open a file fully (eg double click it) then it will auto preview in future when you revisit that file.

Read More

Microsoft Ending Basic Authentication for SMTP AUTH in Exchange Online

Microsoft has announced the end of Basic Authentication for sending email via Microsoft 365 in early 2026. Applications and devices will no longer be able to use Basic Authentication when using Client Submission (SMTP AUTH) to send email via Exchange Online.

Previously Microsoft removed the ability to receive email using Basic Authentication in late 2022. Removal of the ability to send email using Basic Authentication was scheduled for September 2025, but was delayed to give more time for this transition.

This is part of Microsoft’s ongoing efforts to strengthen account security and reduce the risk of phishing, brute-force attacks etc. But this also forms part of Microsoft’s more subtle move to ensure Microsoft 365 email be used for comms only, and not for other applications such as multifunction devices and programmatic messages. Restricting these other uses will help manage abuse on their platform, but will also reduce the volume of email overall thereby likely reducing their operating costs – e.g. if all organisations can no longer use Microsoft 365 email for scan-to-email or notifications functionalities.

Key dates
  • 1 March 2026 31 December 2026
    Basic Authentication will be disabled for existing customers, although it can be re-enabled if needed. Basic Authentication will be unavailable for new customers, with no recourse.
  • 30 April 2026 H2 2027
    Microsoft will announce the final depracation date for Basic Authentication.

If you’re still using Basic Auth to send emails — for example, from websites, applications, scanners, multifunction printers — you’ll need to update your configuration. After the cut-off date, all these systems will no longer be able to send email via Exchange Online (Microsoft 365) until they use a supported authentication method.

You will need to switch to OAuth to continue using Microsoft 365 to send emails in this way, if your systems support modern authentication methods. Otherwise, you may need to switch to another solution that allows for sending programmatic and high message volumes.

Microsoft is offering a new pay-as-you-go high volume email sending service via their Azure Communication Services. And we offer a fixed rate high volume email sending service: please see our SMTP Email here.

Update 12 February 2026

Microsoft has announced a change to this deprecation timeline, and we have updated the dates above accordingly. The overall process and intention remains, but Microsoft has said that more time is being given following customer feedback and to provide additional runway for adoption progress.

Read More
Page 1 of 6012345102030...>>>