July 23, 2024 at 03:52PM Microsoft’s Windows Hello for Business (WHfB) authentication, previously believed to be resistant to phishing, was found vulnerable to downgrade attacks. Security researcher Yehuda Smirnov discovered the flaw, leading to a fix by Microsoft. The company introduced a new Conditional Access policy to enforce phishing-resistant authentication, safeguarding against downgraded methods. From … Read more
July 11, 2024 at 11:20AM Microsoft introduces new SSE offerings as part of the Entra Suite, providing secure access to cloud and enterprise applications. These include Entra Internet Access for SaaS applications and Entra Private Access for enterprise applications. The suite integrates with network security controls, offering a unified approach to conditional access. Microsoft plans … Read more
May 17, 2024 at 03:00PM Microsoft will soon enforce multi-factor authentication (MFA) for all Azure users administering resources, starting with the Azure portal. This will later extend to CLI, PowerShell, and Terraform. Certain accounts for automation won’t be affected, and admins are urged to enable MFA beforehand. MFA has proven to significantly enhance account security. … Read more
November 7, 2023 at 12:49PM Microsoft is introducing three new Conditional Access policies to promote multi-factor authentication (MFA) in organizations. The policies will be deployed in report-only mode, giving customers 90 days to review and opt out if needed. The first policy requires MFA for privileged admin accounts accessing Microsoft admin portals. The other two … Read more
November 6, 2023 at 03:05PM Microsoft will be implementing Conditional Access policies that require multifactor authentication (MFA) from administrators when logging into Microsoft admin portals. These policies will also require MFA for cloud apps and high-risk sign-ins. Admins will have 90 days to review and enable these policies. Microsoft recommends opting for MFA to protect … Read more