toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

272
active users

#applications

7 posts6 participants0 posts today

𝗛𝗼𝘄 𝘁𝗼 𝗿𝗲𝗾𝘂𝗶𝗿𝗲 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗱𝗲𝘃𝗶𝗰𝗲 𝗳𝗼𝗿 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗰𝗰𝗲𝘀𝘀 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝘁𝗿𝗮 𝗜𝗗

Requiring a managed device to access Microsoft 365 services (or generally any apps/services integrated with Microsoft Entra ID) is a very effective method of phishing protection.

This is because in such a case it is not enough for a threat actor to obtain, for example, login credentials through phishing. It is not even enough to somehow obtain or bypass MFA. In such a case, the threat actor would also have to have a managed device from the organization’s tenant. Which should be unrealistic to obtain.

Thus, requiring access from a managed device is a very effective and powerful method of protecting corporate identity. And yet it shouldn’t be too complicated to deploy, since corporate devices should be managed anyway.

📺 Watch my YouTube video on how to require compliant devices via conditional access policies in Microsoft Entra ID 👇 👇
youtu.be/mH-8x29xdW0