You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
entra id conditional access
About this tag
Entra ID Conditional Access is a Microsoft Entra feature that enforces access policies based on user, device, location, and risk signals. Discussions on WindowsForum highlight its role in mitigating advanced phishing attacks, such as Kali365, which abuses OAuth device-code flows to bypass multifactor authentication. Users explore how Conditional Access policies can block device-code authentication, require compliant devices, or enforce session controls to counter token theft. The tag covers configuration best practices, policy design for zero-trust environments, and integration with Microsoft 365 security features. Common themes include troubleshooting policy conflicts, balancing security with user experience, and adapting policies to emerging threats like phishing-as-a-service platforms.
Huntress says an automated password-spray campaign that began on June 12, 2026, targeted Microsoft Azure CLI authentication and produced more than 81 million login attempts, compromising 78 Microsoft accounts across 64 organizations by late June. The campaign is not remarkable because password...
The FBI’s Internet Crime Complaint Center warned in May 2026 that Kali365, a phishing-as-a-service platform first seen in April, is targeting Microsoft 365 users by abusing OAuth device-code authentication to capture access tokens and bypass multifactor authentication without stealing passwords...