Nuno Brites
nunobrites.bsky.social
Reposted by Nuno Brites
This is important to understand. If a conditional access policy blocks a bad actor, the account credentials are compromised.

Your SOC should act accordingly.
This provides important insights 💡

CA policies cannot block anything until AFTER authentication occurs

This means CA cannot help with password spray/credential stuffing. This is why we have Password Protection and Smart Lockout.

learn.microsoft.com/...
Password protection in Microsoft Entra ID - Microsoft Entra ID
Learn how to dynamically ban weak passwords from your environment with Microsoft Entra Password Protection
learn.microsoft.com
January 25, 2025 at 7:05 AM
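
One way a SOC could act on the point above, as an added example that is not part of the original post: separate sign-ins that Conditional Access blocked (the password was already accepted) from plain bad-password attempts. The records are constructed samples using Microsoft Graph `signIn` field names; the function name `triage` and the sample users and IP addresses are assumptions.

```python
from collections import defaultdict

# AADSTS53003: blocked by Conditional Access. Primary authentication already
# succeeded, so whoever signed in presented a valid password.
CA_BLOCKED = 53003
# AADSTS50126: invalid username or password. Authentication itself failed,
# which is the territory of Smart Lockout and Password Protection, not CA.
BAD_PASSWORD = 50126

# Constructed sample records (documentation IP ranges, example.com users).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.7",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.7",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.7",
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003}},
    {"userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.20",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
]


def triage(signins):
    """Return (ca_blocked, guessing).

    ca_blocked: user -> set of source IPs that passed authentication and were
                then stopped by a CA policy (candidates for credential reset).
    guessing:   source IP -> number of bad-password attempts (spray signal).
    """
    ca_blocked = defaultdict(set)
    guessing = defaultdict(int)
    for rec in signins:
        code = rec.get("status", {}).get("errorCode")
        if code == CA_BLOCKED and rec.get("conditionalAccessStatus") == "failure":
            ca_blocked[rec["userPrincipalName"]].add(rec["ipAddress"])
        elif code == BAD_PASSWORD:
            guessing[rec["ipAddress"]] += 1
    return dict(ca_blocked), dict(guessing)


if __name__ == "__main__":
    blocked, guesses = triage(SAMPLE_SIGNINS)
    for user, ips in sorted(blocked.items()):
        # The legitimate user on a non-compliant device also produces 53003,
        # so this is a review list; an IP that also appears in `guesses`
        # raises the priority.
        print(f"valid password used, CA blocked: {user} from {sorted(ips)}")
    print("bad-password attempts per IP:", guesses)
```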