Forum Discussion
O365 email account compromised despite MFA
Hi all, So one of my users clicked on a link in a suspicious email. A few days later emails were being sent out to all contacts from their account. Azure sign-in logs showed that access was from a ...
SlevinKelevra recently attacker is able to steal a token, by hijacking or replay, they can impersonate their victim until the token expires or is revoked, by this they can bypass MFA. Microsoft recently introduced the token protection to protect your users from getting MFA by passed.
check the below to know how to configure it step by step
Token protection in Azure AD Conditional Access - Microsoft Entra | Microsoft Learn