-
Notifications
You must be signed in to change notification settings - Fork 5
Entra ID Reduce the chance of successful password sprays
This involves setting up password protection policies that prevent the use of weak or commonly used passwords, which are easily exploited during password spray attacks. link
This policy requires users to complete MFA when a sign-in attempt is deemed risky, such as sign-ins from new devices or locations. link
Similar to sign-in risk policies, user risk policies require users to perform actions like password changes or MFA if their account exhibits behaviors indicative of being compromised. link
A baseline policy that mandates MFA for all users to reduce the likelihood of unauthorized access. link
Conditional Access with Defender for Endpoint allows for the evaluation of device risk during the sign-in process, ensuring that only secure devices can access corporate resources. link
This policy restricts access to corporate resources to devices that meet your organization’s compliance standards, such as having up-to-date antivirus software or being managed by your organization. link
Legacy authentication protocols do not support MFA, making them vulnerable to password spray attacks. Blocking these protocols enhances security. link
Identifying and restricting access to PowerShell endpoints that are commonly targeted in password spray attacks can further protect against unauthorized access attempts. link
- Password spray investigation
- Azure AD and ADFS best practices: Defending against password spray attacks
- Detect password spray in Azure Identity Protection
- Alert classification for password spray attacks
- Protect your business from password sprays with Microsoft DART recommendations
- Hunting for Low and Slow Password Sprays Using Machine Learning
- Your Pa$$word doesn't matter