August 25, 2021


That’s the sign cybercriminals are posting as they bait and hook unsuspecting Microsoft 365 users. Using “look-alike” and “looks-legit” emails as bait, these 'phishers' hope to catch usernames and passwords that could be used to steal or extort money from corporations and their customers around the world.

The FBI reported that phishing incidents increased by almost 50% last year, up from 114,702 attacks in 2019 to 241,324 in 2020. These phishing schemes can be very costly for businesses without proper protections in place. Recent news reports about companies paying millions of dollars to retrieve stolen data or regain access to their operating systems should concern companies of all sizes.

Luckily for organizations using Microsoft 365, Azure Active Directory (Azure AD) provides integrated security tools to help mitigate these types of attacks.

How Active Directory’s Malicious Sign-In Detection Helps Prevent Phishing

A phishing email will always contain a link that takes the unsuspecting user to a legitimate-looking sign-in page. The user believes this is the real Microsoft login page because it’s made to look identical. However, once they enter their username and password, the hackers have stolen that information and now have access to all the user’s data, including their contact list. Next, the hackers pose as one of those trusted contacts in order to gain even more confidential information.

Azure Active Directory and its built-in Identity Protection detect suspicious phishing and sign-in attempts using the following alerts:

  • Anonymous IP Address Detection – any sign-in attempt from an anonymous address
  • Atypical Travel Detection – when two sign-ins from one user happen in different parts of the world, especially a place the legitimate user has not traveled to in the past or when there hasn’t been enough time for a user to travel to the other location
  • Malware Linked IP Address Detection – a sign-in originating from an IP address that is infected with any type of malware or that is communicating with a bot server
  • Suspicious Browser Detection – atypical sign-in attempts from multiple countries using the same browser
  • Unfamiliar Sign-In Properties Detection – sign-in attempts that don’t match previous logins according to IP location
  • Malicious IP Address Detection – a sign-in attempt from an IP address with high failure rates
  • Azure AD Threat Intelligence Detection – any unusual sign-in activity against a pre-determined behavioral analysis
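
To make the "not enough time to travel" part of Atypical Travel Detection concrete, here is an added example (not Microsoft's algorithm and not code from the original article) that flags consecutive sign-ins by the same user whose distance and time gap imply an impossible speed. The sign-in records, the 900 km/h speed limit and the 500 km minimum distance are assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Assumed thresholds (illustrative, not Azure AD's values).
MAX_SPEED_KMH = 900.0    # roughly a commercial flight
MIN_DISTANCE_KM = 500.0  # ignore short hops caused by IP geolocation error

# Constructed sample sign-ins: (user, UTC timestamp, latitude, longitude, place)
SIGN_INS = [
    ("alice@example.com", "2021-08-25T08:00:00", 40.71, -74.01, "New York"),
    ("alice@example.com", "2021-08-25T09:30:00", 55.75, 37.62, "Moscow"),
    ("bob@example.com", "2021-08-25T08:00:00", 51.51, -0.13, "London"),
    ("bob@example.com", "2021-08-25T20:00:00", 48.86, 2.35, "Paris"),
    ("carol@example.com", "2021-08-25T08:00:00", 47.61, -122.33, "Seattle"),
    ("carol@example.com", "2021-08-26T10:00:00", 35.68, 139.69, "Tokyo"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_atypical_travel(sign_ins, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from, to, km, hours) for sign-in pairs implying impossible travel."""
    by_user = {}
    for user, ts, lat, lon, place in sign_ins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon, place))
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])  # compare each sign-in with the next one in time
        for (t1, la1, lo1, p1), (t2, la2, lo2, p2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            if km < MIN_DISTANCE_KM:
                continue
            # Far-apart sign-ins at the same instant are always flagged.
            if hours == 0 or km / hours > max_speed_kmh:
                alerts.append((user, p1, p2, round(km), round(hours, 2)))
    return alerts

if __name__ == "__main__":
    for alert in find_atypical_travel(SIGN_INS):
        print(alert)
```

Only the New York to Moscow pair is flagged; the Seattle to Tokyo pair is far apart but leaves enough time for a flight, and London to Paris falls under the distance floor.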

There are other safeguards that Active Directory’s Identity Protection provides in addition to these, including leaked credentials and other types of user risk. A full list can be found here. And in March of this year, Microsoft announced its “Zero Trust” security model, which seeks to provide additional online security and protection by using the internet as the default network with a strong identity, device health enforcement, and least privilege access.

When enterprise data is compromised, it can take months to find out — and even longer to track down the cause. For an even stronger layer of protection against phishing attacks and other cybercrimes, check out CoreSuite, CoreView’s SaaS management platform for Microsoft 365. Better yet, why not take our free Microsoft 365 Health Check right now?
