Forum Discussion
bmorebobbbbbyyyy
Jan 31, 2024 · Copper Contributor
Security Issues, Need Recommendations
Twice in 2 months we have had a compromised user that then sends out an email with an attachment. Another user opens and it asks for the username and password, compromising the next user. We have M...
rahuljindal
Jan 31, 2024 · Bronze Contributor
Have you considered anti phishing policies in Microsoft 365? https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide
keenanbrooks
Feb 02, 2024 · Brass Contributor
If you've got MFA enabled and they're still getting access, it's probably due to token hijacking. John Hammond explains it well here:
https://www.youtube.com/watch?v=sZ22YulJwao
As such, as well as implementing anti-phishing policies like rahuljindal has recommended, you should maybe consider a CA policy for device compliancy. Merill also has a good video on this here for you:
https://www.youtube.com/watch?v=tI1bdVohOK8
Thanks 🙂
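Added example, not part of the reply above: one way to define the device-compliance Conditional Access policy it suggests, created in report-only mode so its effect can be reviewed in the sign-in logs before enforcement. A sign-in relayed through a phishing proxy does not come from a managed device, so it does not satisfy this grant control. Assumptions: the Microsoft Graph PowerShell SDK is installed, devices are enrolled in Intune or hybrid joined, and `$BreakGlassId` is a placeholder for your emergency-access account's object ID.

```powershell
# Added example: Conditional Access policy requiring a compliant or hybrid-joined device.
# Assumes the Microsoft.Graph.Identity.SignIns module is installed and the signed-in
# admin can consent to the Policy.ReadWrite.ConditionalAccess scope.

# Placeholder: object ID of an emergency-access (break-glass) account to exclude,
# so a misconfigured policy cannot lock every administrator out.
$BreakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require compliant device - all cloud apps (report-only)'
    # Report-only: sign-in logs record what would be blocked, nothing is enforced yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($BreakGlassId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # Either control is enough: Intune-compliant OR hybrid Azure AD joined.
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

# Review the request body before sending anything to the tenant.
$policy | ConvertTo-Json -Depth 5

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results look right, changing `state` to `enabled` on the same policy enforces it.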