MICROSOFT 365 PASSWORD ATTACKS

Microsoft 365 offers recommendations for thwarting many types of password attacks; some of the more advanced capabilities are only available with the more expensive user licenses.

Account lockout: disable login for a single account after multiple failed attempts
  - Azure Smart Lockout, applied universally across accounts
  - Locks after 10 login failures in Azure (public cloud), regardless of username
  - Locks after 3 login failures in Azure Government (.gov)

Source blocking: don't allow an IP to log in after repeated failures
  - Smart Lockout defeats common spray attacks ... when they originate from a single source IP

Basic MFA is effective
  - Doesn't always meet business needs
  - Organizations therefore permit exceptions to MFA requirements

Conditional Access (CA): exceptions are typically scoped by
  - Geolocation
  - IP addresses or ranges of IP addresses
  - Specific platforms
  - Legacy systems

MFA bypass attacks
  - Attackers use valid credentials against tenants that enforce MFA
  - They leverage Conditional Access exceptions, looking for opportunities to log in without MFA

FIREPROX

AWS API Gateway
  - Amazon AWS service: an HTTP service for API connectivity
  - Maps a single hostname to multiple microservices
  - Generates a URL like https://7t4id9w399.execute-api.us-east-1.amazonaws.com/fireprox/

FireProx
  - Creates the AWS API Gateway HTTP endpoint
  - Attacker submits HTTP requests through the FireProx endpoint; the API Gateway forwards each request to the target through a worker
  - Each worker has a unique IP, so each request arrives at the target from a different source IP address
  - Attacker opportunity to masquerade the source IP, which defeats per-IP source blocking and the single-source behaviour that Smart Lockout relies on
  - Integrates with MSOLSpray: specify the FireProx API URL with the MSOLSpray -URL parameter

Attackers will use cloud services against your organization, and they can be very crafty in how they implement attacks.
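The defensive consequence of the FireProx technique above is that per-IP counters (source blocking) and per-account counters (Smart Lockout) both stay below threshold when one password is sprayed across many accounts from a rotating source IP. The following is an added example, not code from the slides, FireProx or MSOLSpray: it runs constructed, simplified Azure AD sign-in events (field names and the sample rows are assumptions; the result codes 50126 "invalid username or password" and 50053 "account locked" are documented Azure AD codes) through per-IP and per-account counting to show neither fires, then through a window-based detector that keys on many distinct users and many distinct IPs failing together.

```python
"""Detect a password spray that rotates source IPs (e.g. via an API Gateway proxy).

Added example with constructed sample data; event fields are simplified from the
Azure AD sign-in log (timestamp, userPrincipalName, ipAddress, userAgent, resultCode).
"""
from collections import Counter
from datetime import datetime, timedelta

# Azure AD sign-in result codes (documented by Microsoft).
ERR_INVALID_CREDENTIALS = 50126  # invalid username or password
ERR_ACCOUNT_LOCKED = 50053       # Smart Lockout engaged

# Constructed sample rows (not real log data). The first six rows model one
# password sprayed across six accounts, each attempt arriving from a different
# proxy worker IP (TEST-NET addresses used as placeholders). The last three model
# a legitimate user mistyping twice from the office address, then succeeding.
SAMPLE_ROWS = [
    ("2024-03-04T09:00:01", "alice@example.com", "198.51.100.11", "python-requests/2.31", 50126),
    ("2024-03-04T09:00:04", "bob@example.com",   "198.51.100.27", "python-requests/2.31", 50126),
    ("2024-03-04T09:00:09", "carol@example.com", "198.51.100.90", "python-requests/2.31", 50126),
    ("2024-03-04T09:00:15", "dave@example.com",  "198.51.100.3",  "python-requests/2.31", 50126),
    ("2024-03-04T09:00:21", "erin@example.com",  "198.51.100.150", "python-requests/2.31", 50126),
    ("2024-03-04T09:00:27", "frank@example.com", "198.51.100.62", "python-requests/2.31", 50126),
    ("2024-03-04T09:30:00", "grace@example.com", "203.0.113.5", "Mozilla/5.0 (Windows NT 10.0)", 50126),
    ("2024-03-04T09:30:20", "grace@example.com", "203.0.113.5", "Mozilla/5.0 (Windows NT 10.0)", 50126),
    ("2024-03-04T09:30:45", "grace@example.com", "203.0.113.5", "Mozilla/5.0 (Windows NT 10.0)", 0),
]


def to_events(rows):
    """Turn raw tuples into dicts with a parsed timestamp."""
    return [
        {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip, "ua": ua, "code": code}
        for ts, user, ip, ua, code in rows
    ]


def failures(events):
    return [e for e in events if e["code"] == ERR_INVALID_CREDENTIALS]


def per_ip_failure_counts(events):
    """What a source-blocking rule sees: failures per source IP."""
    return Counter(e["ip"] for e in failures(events))


def per_user_failure_counts(events):
    """What a per-account lockout (Smart Lockout) sees: failures per account."""
    return Counter(e["user"] for e in failures(events))


def detect_spray(events, window=timedelta(minutes=5), min_users=5, min_ips=3):
    """Flag windows where many distinct accounts fail from many distinct IPs.

    Counting across users and IPs inside a time window catches a spray that
    never repeats an IP and never exceeds the per-account threshold.
    """
    fails = sorted(failures(events), key=lambda e: e["ts"])
    findings = []
    i = 0
    while i < len(fails):
        end = fails[i]["ts"] + window
        j = i
        while j < len(fails) and fails[j]["ts"] < end:
            j += 1
        bucket = fails[i:j]
        users = {e["user"] for e in bucket}
        ips = {e["ip"] for e in bucket}
        if len(users) >= min_users and len(ips) >= min_ips:
            findings.append({
                "start": fails[i]["ts"],
                "users": sorted(users),
                "ips": sorted(ips),
                "user_agents": sorted({e["ua"] for e in bucket}),
            })
            i = j  # skip past the window already reported
        else:
            i += 1
    return findings


if __name__ == "__main__":
    evts = to_events(SAMPLE_ROWS)
    print("max failures from one IP:     ", max(per_ip_failure_counts(evts).values()))
    print("max failures for one account: ", max(per_user_failure_counts(evts).values()))
    for f in detect_spray(evts):
        print(f"spray starting {f['start']}: {len(f['users'])} users from "
              f"{len(f['ips'])} IPs, user agents {f['user_agents']}")
```

With the sample rows, no IP and no account ever accumulates more than two failures, so a three-strike source block or a ten-strike Smart Lockout never engages; the window detector reports the six-user, six-IP burst and surfaces the shared user agent, which is the pivot an analyst would use to scope the campaign.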