Once inside, attackers can add new authentication methods to bypass existing ones, often with the goal of creating a rule to redirect certain mail so that the user or mailbox owner does not see it being sent.
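The post-compromise pattern described above (a new authentication method followed by a mail rule that hides messages) can be hunted for in audit data. The following is an added example, not code from the article or from Microsoft; the record layout, the 24-hour window and the sample events are constructed assumptions, and the operation names are assumed to match those in your own audit export.

```python
from datetime import datetime, timedelta

# Constructed, simplified audit records; the field names are an assumption,
# not a real export schema. Map your own audit export onto this shape.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:04:00", "user": "alice@example.com",
     "op": "User registered security info", "params": {}},
    {"time": "2024-05-01T09:10:00", "user": "alice@example.com", "op": "New-InboxRule",
     "params": {"SubjectContainsWords": "invoice", "RedirectTo": "ext@example.net"}},
    {"time": "2024-05-01T10:00:00", "user": "bob@example.com", "op": "New-InboxRule",
     "params": {"SubjectContainsWords": "newsletter", "MoveToFolder": "Newsletters"}},
    {"time": "2024-05-02T08:00:00", "user": "carol@example.com",
     "op": "User registered security info", "params": {}},
    {"time": "2024-05-04T08:00:00", "user": "carol@example.com", "op": "Set-InboxRule",
     "params": {"DeleteMessage": "True"}},
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
AUTH_OPS = {"User registered security info"}
# Rule actions that take mail out of the owner's view.
HIDING_PARAMS = {"RedirectTo", "ForwardTo", "ForwardAsAttachmentTo", "DeleteMessage"}
WINDOW = timedelta(hours=24)  # assumed correlation window, tune to your environment

def find_suspicious_rules(events, window=WINDOW):
    """Flag mail rules that hide messages; 'high' if one follows a new auth method."""
    last_auth_change = {}  # user -> time of most recent auth-method registration
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user = ev["user"].lower()
        if ev["op"] in AUTH_OPS:
            last_auth_change[user] = when
            continue
        if ev["op"] not in RULE_OPS:
            continue
        hiding = sorted(k for k, v in ev["params"].items()
                        if k in HIDING_PARAMS and str(v).lower() not in ("", "false"))
        if not hiding:
            continue  # e.g. a plain move-to-folder rule
        changed = last_auth_change.get(user)
        recent = changed is not None and when - changed <= window
        findings.append({"user": user, "time": ev["time"], "actions": hiding,
                         "severity": "high" if recent else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_rules(SAMPLE_EVENTS):
        print(finding)
```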
Preventing AiTM attacks requires a combination of strategies
To prevent AiTM attacks, Microsoft recommends using security defaults as a basic set of policies to improve identity security posture. For more granular control, enable conditional access policies; risk-based access policies are especially helpful.
“Conditional access policies evaluate login requests using additional identity-driven signs such as user or group membership, IP location information, and device status, among others, and are enforced against suspicious logins,” according to Microsoft.