Mitigating Azure AD and Outlook Vulnerabilities
with Next Level3 JIT Access
Exploring the vulnerabilities
In light of the emerging security issues, Microsoft is confronted with serious vulnerabilities in both its Outlook service (CVE-2023-23397) and Azure Active Directory (Azure AD). Threat actors have exploited these vulnerabilities to carry out advanced cyber-attacks. This article delves into these vulnerabilities and how Next Level3 Solutions proactively mitigate these threats, leveraging Azure’s Protected Actions feature.
Implementing Next Level3's Security Solutions
How Protected Actions Work
The implementation of Azure’s Protected Actions feature follows a three-step process:
This involves setting up ‘regular’ Conditional Access (CA) policies and migrating trusted IPs from the legacy MFA portal to ‘Named Locations’ in Azure AD.
This step requires configuring Protected Actions and Conditional Access Rule, involving the creation of a new ‘Authentication Context’ and tagging the action with the Authentication Context.
- Administrator Experience and Logging
This involves testing the behavior from the user who is included in the rule and has the ‘Conditional Access Administrator’ role. By using ‘Authentication Context’, ‘Protected Actions’, and ‘Conditional Access’, administrators can execute specific actions from a particular device or with a specific method.
Next Level3’s products, combined with Azure’s new Protected Actions feature, form a robust defense mechanism to prevent the exploitation of vulnerabilities such as CVE-2023-23397 and the Azure AD flaw. These tools promote a proactive approach to security and offer comprehensive protection, ensuring the integrity and confidentiality of sensitive information and operations.
Contact us today to find out more about how we can prevent your organization from these and other type of attacks.