Excellent idea and great work! I was playing around with this, wanted to
create a detection rule against but couldn't get UserID or DeviceID into
it.Any idea how to create a detection rule, for sure it will be a strong
one. Thank you for sharing this!
Link to Sentinel instance within the unified security operations
platformpoints to review.learn... it should point to
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-sentinel-defender-portal
@Elisa_Lippincott
Has anyone tried this approach of using a custom CSS template in
Microsoft Entra ID Company Branding, to trigger a logic that detects
when a user visited a Microsoft login page via an AitM site / proxy ?
The process is explained here:AitM detection with Sentinel via custom
CSS (hybridbrothers.com) B...
Latest Comments