Prevent MFA Abuses Caused by Conditional Access
Threat actors are exploiting conditional access policies to register their own MFA methods and maintain persistent access. This best practices guide shows you how to shut them down before they get in.
Key insights
- MFA registration without controls can enable attackers to create their own MFA methods
- These MFA methods can then be used to access other applications
- With the right configuration, you can block MFA enrollment from untrusted networks and stay secure
