Comments (2)
  1. Egert Vero says:

    Great article! Thank You!

    Once questions. How will moving to 2016 ADFS prevent the brute force attack where are still Application that require basic authentication ?
    From my tests even if I use a the random password generated from MFA the account will still get blocked.

    Stop trying to give workarounds and push unnecessary updates that have a cost on the clients.

    The solution can be more simple,MS has to stop this traffic in the Exchange Online perimeter from being forwarded to my proxy servers or to offer the possibility for the clients to block it from the O365 tenant.

    This raises a big security flag for O365 platform? What is MS doing for not federated domains that live in Azure AD? Is letting the attack continue without blocking it?

  2. Michael Hall says:

    Good Article!!

Comments are closed.

Skip to main content