Forum Discussion
bmorebobbbbbyyyy
Jan 31, 2024 (Copper Contributor)
Security Issues, Need Recommendations
Twice in 2 months we have had a compromised user that then sends out an email with an attachment. Another user opens it and it asks for the username and password, compromising the next user. We have MFA set up for all users, but attackers are getting around this. Would enabling P2 licensing help at all? We are looking for a stopgap until we can get passwordless, phishing-resistant logins in place. Or should we just establish that immediately? What CA policies can I quickly enable to protect us more without causing work stoppages? We have geographical enabled along with blocking legacy authentication.
What is the quickest way to set up passwordless phishing resistance? That is the best way to solve this, correct? We have scanning on for all attachments and downloads... MFA on, etc. I am not sure how this is getting by Microsoft's Defender? Any help is appreciated.
- rahuljindal-MVP (Bronze Contributor): Have you considered anti-phishing policies in Microsoft 365? https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide
- keenanbrooks (Brass Contributor): If you've got MFA enabled and they're still getting access, it's probably due to token hijacking. John Hammond explains it well here:
https://www.youtube.com/watch?v=sZ22YulJwao
As such, as well as implementing anti-phishing policies like rahuljindal has recommended, you should maybe consider a CA policy for device compliancy. Merill also has a good video on this here for you:
https://www.youtube.com/watch?v=tI1bdVohOK8
Thanks 🙂
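
Added example, not part of the thread or any poster's own code: one way to create the device-compliance CA policy suggested above with the Microsoft Graph PowerShell SDK, in report-only mode so it can be evaluated without causing work stoppages. It assumes devices are enrolled in Intune and reporting compliance; the display name and the break-glass object ID are placeholders.

```powershell
# Requires the Microsoft.Graph.Authentication and Microsoft.Graph.Identity.SignIns modules.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account that
# stays excluded so a misconfiguration cannot lock every admin out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    # Hypothetical display name; use your own naming convention.
    displayName = 'REPORT-ONLY - Require compliant device - all users, all apps'

    # Report-only: the policy is evaluated and logged on every sign-in,
    # but the grant control is not enforced yet.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }

    # The sign-in must come from a device that Intune marks as compliant.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing the report-only results in the sign-in logs, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

Sign-ins that would have been blocked show up with a report-only failure result in the Entra sign-in logs, which gives a list of users and devices to fix before switching the state to `enabled`.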