In a previous post, I walked you through an incident response playbook for Token Theft via AiTM. This playbook can be leveraged for BEC incidents as well. Today’s deep dive looks at proactive protections you can put into place to PREVENT these attacks altogether. We will be focusing on Conditional Access Policies you can implement. In a future post, I will walk through the protections across the entire kill chain of an AiTM/BEC attack that go beyond Conditional Access.
The policies we are going to look at focus on preventing both the initial token harvesting and the token replay. It’s fair to say that every one of these policies carries some significant end-user impact if some of the prerequisites are not in place. We will be walking through each of those considerations in this blog.
The short snippet shows me leveraging Evilginx to generate a malicious AiTM page that harvests session tokens from a user logging in.
If Hybrid:
If Cloud Only:
**Same as managed device**
Prerequisites:
Conditional Access Policy Settings
Full Breakdown: Breaking Down Token Protection In Conditional Access – TMinus365
Full Breakdown: What is Global Secure Access? – Global Secure Access | Microsoft Learn
I hope this provided more insight into some token protection policies you can put into place. Some final thoughts on best practices: