As an online advertising network, Microsoft Advertising may be subject to attempted misuse of its services in ways that could contribute to the dissemination or monetisation of disinformation. These risks primarily arise in two forms: the placement of misleading or deceptive advertising content, and the potential funneling of advertising revenue to websites or domains that spread disinformation.

Threat actors may seek to exploit advertising systems by promoting ads containing false or misleading claims, by masking political or issue-based messaging as commercial content, or by directing users to external sites that host disinformation. In some cases, such activity may form part of broader, coordinated influence operations, including those associated with foreign information manipulation efforts.

Microsoft Advertising also anticipates ongoing efforts by malicious actors to evade detection through tactics such as frequent changes to domains, use of intermediary landing pages, keyword obfuscation, or rapid iteration of ad creatives. These risks may be heightened during elections, major geopolitical events, or periods of heightened public attention, when incentives to influence public discourse or monetise misleading narratives increase.

Consistent with trends observed across the advertising ecosystem, Microsoft Advertising recognises that such threats are not static and continues to evolve its policies, enforcement mechanisms, and detection capabilities to address emerging tactics and risks.

As an online advertising network, Microsoft Advertising may be subject to attempted misuse of its services in ways that could contribute to the dissemination or monetisation of disinformation. These risks primarily arise in two forms: the placement of misleading or deceptive advertising content, and the potential funneling of advertising revenue to websites or domains that spread disinformation.

Threat actors may seek to exploit advertising systems by promoting ads containing false or misleading claims, by masking political or issue-based messaging as commercial content, or by directing users to external sites that host disinformation. In some cases, such activity may form part of broader, coordinated influence operations, including those associated with foreign information manipulation efforts.

Microsoft Advertising also anticipates ongoing efforts by malicious actors to evade detection through tactics such as frequent changes to domains, use of intermediary landing pages, keyword obfuscation, or rapid iteration of ad creatives. These risks may be heightened during elections, major geopolitical events, or periods of heightened public attention, when incentives to influence public discourse or monetise misleading narratives increase.

Consistent with trends observed across the advertising ecosystem, Microsoft Advertising recognises that such threats are not static and continues to evolve its policies, enforcement mechanisms, and detection capabilities to address emerging tactics and risks.

As set out in QRE 1.1.1, Microsoft Advertising continues to evolve its disinformation-detection methods. In 2025, Microsoft Advertising expanded detection by applying Microsoft Threat Analysis Center (MTAC) services to support identification of domains associated with Foreign Information Manipulation and Influence (FIMI). MTAC operates within Microsoft’s coordinated threat-intelligence structure, alongside the Microsoft Threat Intelligence Center (MSTIC) and the Digital Crimes Unit (DCU). MTAC is Microsoft’s dedicated center for detecting, assessing, and disrupting global digital threats, with a particular focus on foreign malign influence operations targeting customers, public institutions, and democratic processes, and it supports Microsoft, governments, and select commercial customers.

While MSTIC focuses on technical cyber threats and malicious actors, MTAC adds a geopolitical and influence-operations lens, analysing propaganda, coordinated information operations, and state-backed manipulation campaigns. MTAC combines human intelligence, language and regional expertise, influence-operations analysis, and technical telemetry to support the identification of domains and web properties associated with disinformation. Microsoft Advertising consumes regular domain and web-property intelligence feeds derived from this work to assist in detecting non-compliant ads and publishers across its network.

Microsoft Advertising also restricts advertising related to sensitive or high-profile events under its Critical Events policy. This policy allows Microsoft Advertising to remove or limit advertising in response to such events to prevent commercial exploitation and to protect user safety.

In addition, Microsoft Advertising has further optimised its detection methods to identify evolving tactics closely associated with disinformation, including misinformation and impersonation content. Microsoft Advertising’s approach prioritises early, preventive enforcement, with the objective of stopping non-compliant advertising content prior to delivery. As a result, a significant portion of enforcement actions now occur at or before demand creation, rather than after impressions or page views have occurred, reflecting platform improvements implemented during the reporting period to reduce user exposure to harmful or misleading content at the earliest possible stage.

As set out in QRE 1.1.1, Microsoft Advertising continues to evolve its disinformation-detection methods. In 2025, Microsoft Advertising expanded detection by applying Microsoft Threat Analysis Center (MTAC) services to support identification of domains associated with Foreign Information Manipulation and Influence (FIMI). MTAC operates within Microsoft’s coordinated threat-intelligence structure, alongside the Microsoft Threat Intelligence Center (MSTIC) and the Digital Crimes Unit (DCU). MTAC is Microsoft’s dedicated centre for detecting, assessing, and disrupting global digital threats, with a particular focus on foreign malign influence operations targeting customers, public institutions, and democratic processes, and it supports Microsoft, governments, and select commercial customers.

While MSTIC focuses on technical cyber threats and malicious actors, MTAC adds a geopolitical and influence-operations lens, analysing propaganda, coordinated information operations, and state-backed manipulation campaigns. MTAC combines human intelligence, language and regional expertise, influence-operations analysis, and technical telemetry to support the identification of domains and web properties associated with disinformation. Microsoft Advertising consumes regular domain and web-property intelligence feeds derived from this work to assist in detecting non-compliant ads and publishers across its network.

Microsoft Advertising also restricts advertising related to sensitive or high-profile events under its Critical Events policy. This policy allows Microsoft Advertising to remove or limit advertising in response to such events to prevent commercial exploitation and to protect user safety.

In addition, Microsoft Advertising has further optimised its detection methods to identify evolving tactics closely associated with disinformation, including misinformation and impersonation content. Microsoft Advertising’s approach prioritises early, preventive enforcement, with the objective of stopping non-compliant advertising content prior to delivery. As a result, a significant portion of enforcement actions now occur at or before demand creation, rather than after impressions or page views have occurred, reflecting platform improvements implemented during the reporting period to reduce user exposure to harmful or misleading content at the earliest possible stage.