Jun 27 2020 01:33 PM
a recent RiskyBiz podcast described ongoing OAuth phishing attacks and they claim that the only way to prevent this is with MCAS and an E5 license, see https://risky.biz/newsletter15/ for the details. Is their explanation correct?
Jun 28 2020 01:18 AM
I would essentially disagree with the statement that having MCAS is the only way you can prevent this. I agree that it can certainly help, and I always say that if you can afford MCAS, then get MCAS as it is an awesome tool.
However, the links provided in the article including https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-ill... and https://docs.microsoft.com/en-us/cloud-app-security/investigate-risky-oauth and https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-consent-requests all show techniques that can help you to identify and prevent such attacks.
So in my opinion, this can be done without MCAS, but MCAS will make it a hell of a lot easier for you.
Jun 29 2020 05:40 AM