When looking at security measures in Microsoft Entra ID environments, a common recommendation is to implement Conditional Access policies.
Whether Conditional Access is implemented can be quickly checked, and you can put a check mark next to it in your best-practice compliance form. However, simply implementing conditional access will not provide much security. A phishing attack that we recently analyzed highlights this very well.
Continue reading “Insights into Entra ID’s (Un)Conditional Access”
Continue reading