Never Trust, Always Verify: Analysis of Zero Trust Best Practices for Conditional Access

This study examines the effectiveness of Microsoft Entra's Conditional Access policies in thwarting adversarial bypass attempts, particularly in light of vulnerabilities exposed by recent high-profile breaches, such as those involving the Lapsus$ hacking group.

By

Glenn Andal

September 26, 2024

All papers are copyrighted. No re-posting of papers is permitted

Related Content

September 30, 2024

A Visual Summary of SANS CloudSecNext Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS CloudSecNext Summit 2024

CLD - Blog - Announcing the Biggest Update Ever to SEC510_340 x 340.jpg

September 18, 2024

Announcing the Biggest Update Ever to SEC510: Cloud Security Controls and Mitigations

SEC510 teaches the nuances between the Big 3 cloud providers and how to securely configure their platforms.

CLD_-_Blog_-_Cloud_Vendor_Integrations_Gone_Wrong_340_x_340.jpg

Cloud Vendor Integrations Gone Wrong

An organization should distrust external services at least as much, if not more so, than its internal systems and users.