Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth 2.0 to ...
Attackers used Azure CLI and ROPC to expose Microsoft 365 MFA gaps, showing why admins need tighter Conditional Access and ...
The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections.
Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication (MFA) from administrators when signing into Microsoft admin portals such as Microsoft Entra, ...
You probably turned on multi-factor authentication (MFA) a while back, and if so, it was the right call at the time. After companies switched on the text-message codes and tap-to-approve prompts, ...
Louis Mastelinck previews common Entra ID pitfalls around authentication, Conditional Access, privilege and app consent.
Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using ...
Microsoft this week announced a new policy for compelling reauthentications for organizations using the Microsoft Entra Conditional Access service. The new policy, called "sign-in frequency -- every ...