Tag

mfa

6 articles

  1. Conditional Access enforcement changes June 15: check your exceptions now

    Apps could bypass Conditional Access by requesting minimal sign-in scopes. Non-excluded apps slipped through silently for years. Starting June 15, that stops.

  2. AiTM Phishing Exposed (2/2): Stop Session Hijacking

    Stop AiTM session hijacking with FIDO2, CAE, and token protection. Microsoft 365 configuration guide with 2 Sentinel queries and 7-step incident response.

  3. AiTM Phishing Exposed (1/2): How Session Hijacking Works

    AiTM phishing doesn't bypass MFA. It waits for MFA to succeed, then takes what comes next. This is how the attack works and why standard MFA provides no protection against it.

  4. Social Engineering Exposed (3/3): Defence That Works

    MFA alone won't stop a helpdesk attack. Here's what actually does: the process changes, Entra ID settings, and monitoring that holds up under pressure.

  5. Social Engineering Exposed (2/3): The Helpdesk Attack

    Attackers don't break MFA. They call your helpdesk and get it reset. Here's what that looks like in Entra ID, and why most tenants aren't built to catch it.

  6. Social Engineering Exposed (1/3): How attackers get in without breaking anything

    MGM lost $100M. Odido lost 6.2M records. Uber's systems went dark. None required a technical exploit. Just a phone call. Here's how it works.
← All articles