- Ensure user accounts require MFA, favoring authentication apps and hardware tokens over SMS-based codes.
- As advised by Microsoft, treat Azure AD Connect as a Tier 0 server.
- Implement network segmentation to reduce the impact of a network compromise.
- Monitor for man-in-the-middle attacks and atypical network and account behavior.
- Follow the principle of least privilege to reduce the number of accounts with unnecessary access.
- Revoke session tokens when an account is compromised and reduce the duration of valid session tokens.
- Review additional technical analysis in the Sygnia blog post.
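The monitoring and token-revocation points above can be turned into a concrete check. The following is an added example, not code from the original post or from Sygnia: it scans constructed sign-in records (field names loosely modelled on Entra ID sign-in logs, but the data is made up) for a session identifier that is reused from two different source IPs within a short window, which is one signal that a session token was stolen through an adversary-in-the-middle phish and replayed, and then lists the accounts whose sessions a responder would revoke. The `window` threshold and the record layout are assumptions.

```python
# Added example (not from the original page): flag session-token reuse across
# source IPs in sign-in records, and derive the accounts to revoke.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events; the shape is an assumption, the values are fictional.
SAMPLE_SIGNINS = [
    {"time": "2024-05-01T08:00:00Z", "user": "alice@example.com", "ip": "203.0.113.10",
     "session_id": "sess-A", "country": "US", "mfa": True},
    {"time": "2024-05-01T08:03:00Z", "user": "alice@example.com", "ip": "203.0.113.10",
     "session_id": "sess-A", "country": "US", "mfa": False},
    # Same session id, different IP and country, 17 minutes later: replayed token.
    {"time": "2024-05-01T08:20:00Z", "user": "alice@example.com", "ip": "198.51.100.77",
     "session_id": "sess-A", "country": "NL", "mfa": False},
    {"time": "2024-05-01T09:00:00Z", "user": "bob@example.com", "ip": "192.0.2.5",
     "session_id": "sess-B", "country": "US", "mfa": True},
    # Different IP but nine hours apart: outside the window, not flagged on its own.
    {"time": "2024-05-01T18:00:00Z", "user": "bob@example.com", "ip": "192.0.2.9",
     "session_id": "sess-B", "country": "US", "mfa": False},
]


def parse_time(ts):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_session_reuse(events, window=timedelta(hours=1)):
    """Return (user, session_id, first_ip, second_ip) tuples for every pair of
    consecutive sign-ins that share a session id but come from different IPs
    within `window` of each other. The window value is an assumed tuning knob."""
    by_session = defaultdict(list)
    for e in events:
        by_session[(e["user"], e["session_id"])].append(e)

    hits = []
    for (user, sid), evs in by_session.items():
        evs.sort(key=lambda e: parse_time(e["time"]))
        for prev, cur in zip(evs, evs[1:]):
            elapsed = parse_time(cur["time"]) - parse_time(prev["time"])
            if prev["ip"] != cur["ip"] and elapsed <= window:
                hits.append((user, sid, prev["ip"], cur["ip"]))
    return hits


def accounts_to_revoke(events, window=timedelta(hours=1)):
    """Accounts whose sessions should be revoked: every user with a flagged reuse.
    Returned sorted so the result is stable for reporting."""
    return sorted({hit[0] for hit in find_session_reuse(events, window)})


if __name__ == "__main__":
    for user, sid, ip1, ip2 in find_session_reuse(SAMPLE_SIGNINS):
        print(f"session {sid} for {user} reused from {ip1} and {ip2}")
    print("revoke sessions for:", accounts_to_revoke(SAMPLE_SIGNINS))
```

In a real deployment the records would come from the tenant's sign-in log export rather than an inline list, and the IP comparison would usually be paired with user-agent and country checks; the shorter the session lifetime configured per the recommendation above, the smaller the window in which a replayed token is usable at all.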
