CybercrimeSecurity

How to defend Microsoft networks from adversary-in-the-middle attacks

Once inside, attackers can add new authentication methods to bypass those already in place, often with the goal of building a rule to divert certain mail so that the user or owner of the mailbox doesn’t see it being sent.

Preventing AiTM attacks requires a combination of techniques

To prevent AiTM attacks, Microsoft recommends using security defaults as a baseline set of policies to improve identity security posture. For more granular control, you’ll want to enable conditional access policies; implementing risk-based access policies is particularly helpful.

“Conditional access policies evaluate sign-in requests using additional identity-driven signals like user or group membership, IP location information, and device status, among others, and are enforced for suspicious sign-ins,” according to Microsoft.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button