Forum Discussion
Solved
Guest access process
Hey guys,
I have today a special question. We have of course mfa enabled for guest user access. Now we had a special case: a user added a guest to a project in teams. The guest user got a invitation - so far so good. Now the guest user mail account was hacked and a hacker has taken the invitation and added the MFA by themselves. Do you had a case like this? Any ideas how we can prevent something like this? Actually I was thinking about a process - but I also think that’s very complicated for the end user.
I am thankful for all ideas!
I have today a special question. We have of course mfa enabled for guest user access. Now we had a special case: a user added a guest to a project in teams. The guest user got a invitation - so far so good. Now the guest user mail account was hacked and a hacker has taken the invitation and added the MFA by themselves. Do you had a case like this? Any ideas how we can prevent something like this? Actually I was thinking about a process - but I also think that’s very complicated for the end user.
I am thankful for all ideas!
- Oh and btw, you mentioned what you can do about it too. I suggest, if you have the proper license to have a closer look at Identity Protection https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
Highlighting this for ex.
Identity Protection identifies risks of many types, including:
Anonymous IP address use
Atypical travel
Malware linked IP address
Unfamiliar sign-in properties
Leaked credentials
Password spray
and more...
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#risk-detection-and-remediation
The365Guy As the intrusion and takeover of the account belongs to another org. it should be that org. taking security actions in their environment to prevent this from happening. As for the scenario you describing I would terminate the guest account asap.
Revoke user access in an emergency in Azure Active Directory | Microsoft Docs
- I agree with you and we did this when we found out that this happened. I know this question is very special.
- Oh and btw, you mentioned what you can do about it too. I suggest, if you have the proper license to have a closer look at Identity Protection https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
Highlighting this for ex.
Identity Protection identifies risks of many types, including:
Anonymous IP address use
Atypical travel
Malware linked IP address
Unfamiliar sign-in properties
Leaked credentials
Password spray
and more...
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#risk-detection-and-remediation
