Vulnerability Mitigation - Securing Entra and Outlook
Discover how using JIT Access and PAM can prevent a variety of CVEs and attacks.
Exploring the vulnerabilities
In light of emerging security issues, Microsoft is confronted with serious vulnerabilities in both its Outlook service (CVE-2023-23397) and Entra Active Directory (Azure AD). Threat actors have exploited these vulnerabilities to carry out advanced cyber-attacks. This article delves into these vulnerabilities and how Next Level3’s JIT Access and JIT Policies framework proactively mitigates these threats, leveraging Azure’s Protected Actions feature.
How our JIT Identity solutions solve the problem
Next Level3’s security solutions are designed to address and prevent vulnerabilities such as CVE-2023-23397 and the Azure AD flaw. They focus on three core areas: enhancing security protocols, improving existing infrastructure, and promoting a proactive approach to identifying and mitigating threats.
How Protected Actions Work
The implementation of Entra’s Protected Actions feature follows a three-step process:
This involves setting up ‘regular’ Conditional Access (CA) policies and migrating trusted IPs from the legacy MFA portal to ‘Named Locations’ in Entra (Azure AD).
This step requires configuring Protected Actions and a Conditional Access rule, which involves creating a new ‘Authentication Context’ and tagging the action with that Authentication Context.
- Administrator Experience and Logging
This involves testing the behavior as a user who is included in the rule and has the ‘Conditional Access Administrator’ role. By using ‘Authentication Context’, ‘Protected Actions’, and ‘Conditional Access’, administrators can execute specific actions from a particular device or with a specific method.
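One check that follows from the three steps above, as an added example (not code from Next Level3 or Microsoft): a small Python audit that confirms each action tagged with an Authentication Context is covered by an enabled Conditional Access policy with a grant control. The sample data is constructed, and the `authenticationContextId` field on exported actions is an assumption about the export format.

```python
# Constructed sample data shaped like Conditional Access policy exports (not from a real tenant).
POLICIES = [
    {"displayName": "Require compliant device for c1", "state": "enabled",
     "conditions": {"applications": {"includeAuthenticationContextClassReferences": ["c1"]}},
     "grantControls": {"builtInControls": ["compliantDevice"]}},
    {"displayName": "MFA for c2 (pilot)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeAuthenticationContextClassReferences": ["c2"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]
# Assumption: each protected action is exported with its tagged context in 'authenticationContextId'.
ACTIONS = [
    {"name": "microsoft.directory/conditionalAccessPolicies/basic/update", "authenticationContextId": "c1"},
    {"name": "microsoft.directory/conditionalAccessPolicies/delete", "authenticationContextId": "c2"},
    {"name": "microsoft.directory/namedLocations/delete", "authenticationContextId": "c3"},
]

def enforcing_policies(policies, context_id):
    """Names of enabled policies that target context_id and impose a grant control."""
    hits = []
    for p in policies:
        apps = (p.get("conditions") or {}).get("applications") or {}
        targets = apps.get("includeAuthenticationContextClassReferences") or []
        grant = p.get("grantControls") or {}
        has_control = bool(grant.get("builtInControls") or grant.get("authenticationStrength"))
        # Report-only and disabled policies do not block anything, so they do not count.
        if context_id in targets and p.get("state") == "enabled" and has_control:
            hits.append(p["displayName"])
    return hits

def audit(actions, policies):
    """Map each protected action to 'enforced' or to the reason it is not."""
    report = {}
    for a in actions:
        ctx = a.get("authenticationContextId")
        if not ctx:
            report[a["name"]] = "untagged"
        elif enforcing_policies(policies, ctx):
            report[a["name"]] = "enforced"
        else:
            report[a["name"]] = f"no enabled policy for {ctx}"
    return report

if __name__ == "__main__":
    for name, status in audit(ACTIONS, POLICIES).items():
        print(f"{status:28} {name}")
```

In this sample, the action tagged with `c2` is flagged because its policy is still in report-only mode, and the one tagged with `c3` because no policy targets that context at all.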
Next Level3’s products, combined with Entra’s new Protected Actions feature, form a robust defense mechanism to prevent the exploitation of vulnerabilities such as CVE-2023-23397 and the Entra AD flaw. These tools promote a proactive approach to security and offer comprehensive protection, ensuring the integrity and confidentiality of sensitive information and operations.
Automatic push attack aware protection without codes
Use your existing mobile or web FIDO2 supported devices
Why choose Next Level3?
Passwordless Identity seamlessly connected to your existing identity infrastructure.
Redefine account control for your organization solving critical internal use cases.
Enable customized approvals for any application action preventing fraud and extending biometric protections into your application use cases.