Microsoft Entra Conditional Access Policies (CAPs), a core security control for Azure and Microsoft 365 tenants, were recently found vulnerable to a bypass technique involving Nested App Authentication (NAA), according to research disclosed by NetSPI. CAPs are widely deployed to enforce strong authentication requirements such as multi-factor authentication, device compliance, and location-based restrictions. They are […]
The post Microsoft Entra Conditional Access Policies Can Be Bypassed Via Nested App Authentication appeared first on Cyber Security News.