- [[Man-in-the-middle (MITM)]]

# Solutions

- Require access from registered devices.
- Limit registration
  - Force registration at a trusted location (with MFA) or remotely using a [[Temporary Access Pass (TAP)]] issued by an administrator.
- [[Universal 2nd Factor (U2F)]] hardware tokens ([Yubikey - Microsoft Documentation](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless#fido2-security-keys))
  - [Enable passwordless security key sign-in](https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key)
- Limit token lifetime for admin/high-risk users
- Limit access by IP address

## Maybe

- Risk policy
- [[Token Binding|Token Protection]]
- [[Windows Hello for Business]]?

## Need to investigate

- Blocking the Entra ID guest user application
- Canary token to detect cloning of the Entra ID login page ([Canarytokens](https://canarytokens.com/generate))