This is the third and last part of our series about how to bypass MFA in Azure and O365. In this article, we share our advice on how you defend your organization against the attacks we described in parts 1 and 2.
SecWise has seen a growing number of attacks that rely on the application consent default configuration in Azure AD, which allows threat actors to get access to users’ data, mails and more. It is strongly advised to turn off this feature as soon as possible!
When talking to customers about Microsoft 365 security, we often kick off with reviewing the security of Azure Active Directory. Whether you are using O365 (E1 or E3), Intune (or any other product from the EMS Suite) or Azure IaaS and PaaS services, you already have Azure Active Directory! In this blogpost, we highlight the most important Azure AD features that you should be aware of.