{"id":125414,"date":"2023-01-26T10:00:00","date_gmt":"2023-01-26T18:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=125414"},"modified":"2023-05-15T22:57:18","modified_gmt":"2023-05-16T05:57:18","slug":"2023-identity-security-trends-and-solutions-from-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/","title":{"rendered":"2023 identity security trends and solutions from Microsoft"},"content":{"rendered":"\n<p>Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in <a href=\"https:\/\/www.microsoft.com\/security\/business\/microsoft-entra\">identity security<\/a>, what you can do about it, and what Microsoft is doing to help you. One of the things we talk about on the team is \u201cshiny object syndrome\u201d\u2014there are a ton of innovative and scary attacks and research out there. Unfortunately, each one tends to pull us into \u201cbut what about\u2026\u201d where we\u2019re being asked how we will handle the nascent headline grabber. This approach can whipsaw teams and prevent the completion of our defense projects, leaving us exposed to old and new ones.<\/p>\n\n\n\n<p>Attackers will innovate\u2014our response in the defender community needs to be thoughtful and strategic. But we don&#8217;t need to panic. We can take as an example ransomware attacks. These are scary and grab headlines because of crippling work stoppages or huge ransoms. But <a href=\"https:\/\/expertinsights.com\/insights\/50-identity-and-access-security-stats-you-should-know\/#:~:text=The%20Frequency%20Of%20Identity%20And%20Access%20Breaches,-61%25%20of%20all&amp;text=According%20to%20the%20Identity%20Defined,in%20the%20last%20two%20years.\" target=\"_blank\" rel=\"noreferrer noopener\">recent studies by Expert Insights<\/a> confirm what we\u2019ve known for ages\u2014more often than not, attacks like ransomware are the second stage, predicated by an identity compromise. In fact, if you read all the attention-grabbing headlines, you\u2019ll find that most novel techniques rely on compromising identity first. This shows the importance of getting our identity basics right and keeping our eyes on the ball.<\/p>\n\n\n\n<p>Pamela Dingle gave a keynote at Authenticate 2022 in which she discussed identity attacks in terms of waves (and has <a href=\"https:\/\/www.linkedin.com\/pulse\/navigating-ever-evolving-authentication-landscape-pamela-dingle\" target=\"_blank\" rel=\"noreferrer noopener\">recapped on LinkedIn<\/a>\u2014if you haven&#8217;t read it, you should). She was kind enough to let me weigh in, and I\u2019m going to borrow the paradigm to frame our guidance. Pam likened escalating identity attacks to threats in a voyage in her talk. These threats decrease in volume as they increase in sophistication and novelty:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2.jpg\" alt=\"Graphic detailing three different waves of identity attacks. First is password attacks, which consist of breach replay, password spray, and phishing. Next is multifactor authentication attacks, which includes SIM-jacking, multifactor authentication fatigue, adversary in the middle. Third is post-authentication attacks, including token theft and consent phishing.\" class=\"wp-image-125537\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2.jpg 800w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2-300x169.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2-768x432.jpg 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2-687x385.jpg 687w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2-767x431.jpg 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture2-539x303.jpg 539w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>This is an awesome frame for thinking through the attacks, so we\u2019ll use it here to complement her blog with concrete features and guidance. I am adding one more threat to her framework\u2014the critical importance of posture agility that helps us deal with the next \u201crogue wave.\u201d Hopefully, this framing will help you build out a strategic approach that addresses the critical issues you are facing now, help you invest thoughtfully for emerging threats, and set you up for defensive agility in the year ahead. Let\u2019s dive in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Password attacks<\/h2>\n\n\n\n<p>Simple password attacks are pervasive. They are the water we swim in. I detail these extensively in <a href=\"https:\/\/aka.ms\/yourpassword\" target=\"_blank\" rel=\"noreferrer noopener\">&#8220;Your Password Doesn&#8217;t Matter<\/a>.&#8221; The dominant three attacks are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Password spray<\/strong>: Guessing common passwords against many accounts.<\/li>\n\n\n\n<li><strong>Phishing<\/strong>: Convincing someone to type in their credentials at a fake website or in response to a text or email.<\/li>\n\n\n\n<li><strong>Breach replay<\/strong>: Relying on pervasive password reuse to take passwords compromised on one site and try them against others.<\/li>\n<\/ul>\n\n\n\n<p>These attacks are effectively free to execute on a massive scale. As a result, Microsoft deflects <strong>more than 1,000 password attacks per second<\/strong> in our systems, and more than 99.9 percent of accounts that are compromised don&#8217;t have <a href=\"https:\/\/www.microsoft.com\/security\/business\/identity-access\/azure-active-directory-mfa-multi-factor-authentication\">multifactor authentication<\/a> enabled. Multifactor authentication is one of the most basic defenses against identity attacks today, and despite relentlessly advocating multifactor authentication usage for the past six years, including it in every flavor of <a href=\"https:\/\/www.microsoft.com\/security\/business\/identity-access\/azure-active-directory\">Microsoft Azure Active Directory<\/a> (Azure AD), and innovating in mechanisms from <a href=\"https:\/\/www.microsoft.com\/security\/mobile-authenticator-app\">Microsoft Authenticator<\/a> to FIDO, only 28 percent of users last month had any multifactor authentication session. With such low coverage, attackers increase their attack rate to get what they want. The adoption rate is a demonstration of a critical issue I will return to in this blog\u2014in most organizations, budgets and resources are tight, security staff is overwhelmed, and shiny object syndrome pulls us in many directions, preventing the closure of issues.<\/p>\n\n\n\n<p><strong>Driving more multifactor authentication usage is the most important thing we can do<\/strong> for the ecosystem, and if you aren\u2019t yet requiring <a href=\"https:\/\/aka.ms\/enablemfa\" target=\"_blank\" rel=\"noreferrer noopener\">multifactor authentication<\/a> for all users, enable it. Old-fashioned, bolt-on multifactor authentication was clunky, requiring copying codes from phone to computer and getting multiple prompts. Modern multifactor authentication using apps, tokens, or the device itself is very low friction or even invisible to the users. Old-fashioned multifactor authentication had to be bought and deployed separately and at additional cost. Modern multifactor authentication is included in all SKUs, deeply integrated into Azure AD, and requires no additional management.<\/p>\n\n\n\n<p>Our strong position is that all user sessions should be multifactor authentication protected, and we are doing all we can to get there. This is why all new tenants created since 2019 have multifactor authentication enabled by default, and why we are now <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/raising-the-baseline-security-for-all-organizations-in-the-world\/ba-p\/3299048\" target=\"_blank\" rel=\"noreferrer noopener\">turning on multifactor authentication<\/a> on behalf of tenants who have not demonstrated interest in their security settings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Multifactor authentication attacks<\/h2>\n\n\n\n<p>If you have enabled multifactor authentication, you can pat yourself on the back and be happy that you\u2019ve effectively deflected the dominant identity attacks. While still far less than the 100 percent we are striving for, the 28 percent of users who are now protected with multifactor authentication include some who are targets for attackers. To get to these targets, attackers have to <a href=\"https:\/\/aka.ms\/allyourcreds\" target=\"_blank\" rel=\"noreferrer noopener\">attack multifactor authentication itself<\/a>.<\/p>\n\n\n\n<p>Examples here include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SIM-jacking and other telephony vulnerability attacks (why we\u2019re asking you to <a href=\"https:\/\/aka.ms\/hangup\" target=\"_blank\" rel=\"noreferrer noopener\">hang up on telephony multifactor authentication<\/a>).<\/li>\n\n\n\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/defend-your-users-from-mfa-fatigue-attacks\/ba-p\/2365677\" target=\"_blank\" rel=\"noreferrer noopener\">Multifactor authentication hammering<\/a> or griefing attacks, which is why we\u2019re asking you to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/advanced-microsoft-authenticator-security-features-are-now\/ba-p\/2365673\" target=\"_blank\" rel=\"noreferrer noopener\">move away from simple approvals<\/a>.<\/li>\n\n\n\n<li>Adversary-in-the-middle attacks, which trick users into doing the multifactor authentication interaction. This is why <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/authentication-strength-choose-the-right-auth-method-for-your\/ba-p\/2365674\" target=\"_blank\" rel=\"noreferrer noopener\">phishing-resistant authentication<\/a> is critical, especially for key assets.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-1024x576.png\" alt=\"This chart details Azure AD Identity Protection sessions at high risk with multiple failed multifactor authentication attempts and how they have increased month over month. 58 percent of attempts are voice, 38 percent are push notifications, and 3 percent are SMS.\" class=\"wp-image-125538\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-1024x576.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-1536x864.png 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-2048x1152.png 2048w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-687x385.png 687w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-1083x609.png 1083w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-767x431.png 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Picture3-539x303.png 539w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Note these attacks require more effort and attacker investment, and as a result are detected in the tens of thousands per month\u2014not thousands per second. But all the attacks mentioned are on the rise, and we expect to see that continue as basic multifactor authentication coverage increases.<\/p>\n\n\n\n<p>To defeat these attacks, it is critical not just to use multifactor authentication, but to use the right multifactor authentication. We recommend Authenticator, Windows Hello, and FIDO. For organizations with existing personal identity verification card and common access card (PIV and CAC) infrastructure, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/azure-ad-certificate-based-authentication-cba-on-mobile\/ba-p\/2365672\" target=\"_blank\" rel=\"noreferrer noopener\">certificate-based authentication<\/a> (CBA) is a good phishing-resistant (and executive order-compliant) solution. Bonus: All of these methods are considerably easier to use than <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/end-user-passwordless-utopia\/ba-p\/2144517\" target=\"_blank\" rel=\"noreferrer noopener\">passwords or telephony-based multifactor authentication<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Post-authentication attacks<\/h2>\n\n\n\n<p>Determined attackers are using malware to <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/11\/16\/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft\/\">steal tokens<\/a> from devices\u2014allowing a valid user to perform valid multifactor authentication on a valid machine, but then using credential stealers to take the cookies and tokens and use them elsewhere. This method is on the rise and has been used in recent high-profile attacks. Tokens can also be stolen if incorrectly logged or if intercepted by compromised routing infrastructure, but the most common mechanism by far is malware on a machine. If a user is running as admin on a machine, then they are just one click away from token theft. Core <a href=\"https:\/\/aka.ms\/zerotrust\">Zero Trust<\/a> principles like running effective endpoint protection, managing devices, and, critically, using least privileged access (meaning, run as a user, not an admin, on your machines) are great defenses. Pay attention to signals that indicate that <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/holistic-compromised-identity-signals-from-microsoft\/ba-p\/2365683\" target=\"_blank\" rel=\"noreferrer noopener\">token theft is occurring<\/a>, and require re-authentication for critical scenarios like <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/new-require-reauthentication-for-intune-enrollment-or-risk\/ba-p\/3299049\" target=\"_blank\" rel=\"noreferrer noopener\">machine enrollment<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph.png\" alt=\"This chart details the increase in token replay attacks we\u2019ve detected with Azure AD Identity Protection. These attacks have gone from 31,000 in June 2021, to over 59,000 in August of 2022.\" class=\"wp-image-125551\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph-687x385.png 687w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph-767x431.png 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/Graph-539x303.png 539w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Another bypass attack is <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/07\/14\/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails\/\">OAuth consent phishing<\/a>. This is where someone tricks an existing user into giving an application permission to access on their behalf. Attackers send a link asking for consent (\u201cconsent phishing\u201d) and if the user falls for the attack, then the app can access the user\u2019s data even when the user is not present. Like other attacks in this category, they are rare but increasing. We strongly recommend inspecting what apps your users are consenting to and limiting consent to <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/develop\/publisher-verification-overview\" target=\"_blank\" rel=\"noreferrer noopener\">applications from verified publishers<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Infrastructure compromise<\/h2>\n\n\n\n<p>As you get more effective at using identity to secure your organizations and build your Zero Trust policies, advanced attackers are attacking identity infrastructure itself\u2014predominantly taking advantage of outdated, unpatched, or otherwise insecure on-premises network vulnerabilities to steal secrets, compromise federation servers, or otherwise subvert the infrastructure we rely on. This mechanism is insidious, because the attackers often take advantage of access to hide their tracks, and once the access control plane is lost, it can be incredibly difficult to effectively evict an actor.<\/p>\n\n\n\n<p>We are working hard to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/empowering-socs-with-azure-ad-identity-protection-in-microsoft\/ba-p\/2365675\" target=\"_blank\" rel=\"noreferrer noopener\">strengthen hybrid and multicloud detections<\/a> and build automated protection for specific indicators that attackers are moving against identity infrastructure. Critically, because of the incredible difficulty of protecting on-premises deployments from malware, lateral movement, and emerging threats, you should reduce your dependencies on on-premises infrastructure, shifting authority to the cloud where possible. You should specifically <a href=\"https:\/\/aka.ms\/protectm365\" target=\"_blank\" rel=\"noreferrer noopener\">isolate your cloud infrastructure<\/a> from your on-premises environment. Finally, it is critical to partner closely with your security operations center (SOC) to make sure that privileged identity administrators and on-premises servers win special scrutiny. And because today\u2019s sophisticated adversaries will look for any gap in your security, securing user identities also means <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-azure-ad-blog\/managing-governing-and-securing-identities-for-apps-and-services\/ba-p\/3402816\" target=\"_blank\" rel=\"noreferrer noopener\">protecting non-human identities<\/a> and the infrastructure that stores and manages identities as well.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The rogue wave: Attack velocity and intensity<\/h2>\n\n\n\n<p>Our team assists with hundreds of significant cases every year, and one of the most critical issues we see is the difficulty of keeping up with increasing volumes and intensity of attacks. Whether it is assisting customers who are running Windows Server 2008 Domain Controllers or the customers still struggling with multifactor authentication rollout, the rapid pace of attacker innovation is hard to meet for organizations with the tremendous budget, resources, hiring, and political pressure facing them\u2014and that only addresses those organizations that think about security. Our consumer accounts (like those used to access Outlook.com or Xbox) are 50 times less likely to be hacked than enterprise accounts\u2014because, for these consumer accounts, we can manage the multifactor authentication policy, risk mitigations, and other key security aspects. All these capabilities (and more) are available to organizations\u2014but the cost of posture management proves too much for many customers.<\/p>\n\n\n\n<p>Our team is committed not just to reducing costs associated with identity attacks, but to massively reducing the investments required to get and stay secure. This is the common thread that runs through our many investments\u2014whether it is Conditional Access gap analysis, adapting Authenticator to address evolving multifactor authentication fatigue attacks, continuously evolving and expanding our threat detections, or our security defaults program, we are committed to protecting the users, organizations, and systems that depend on identity from unauthorized access and fraud\u2014it is very clear that this must include helping organizations start secure (or get secure) and stay secure, to do more with less.<\/p>\n\n\n\n<p>As you invest in identity security, we encourage you to invest in mechanisms that allow your organization to be agile\u2014<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/identity-protection\/overview-identity-protection\" target=\"_blank\" rel=\"noreferrer noopener\">automating responses to common threats<\/a> (for example, auto-blocking or requiring password change), using mechanisms like Authenticator that can evolve and adapt to new threats, shifting authority to the cloud (where detections and mitigations are agile), and being attentive to indications of risk derived from our machine learning systems. &nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fair winds and following seas in 2023<\/h2>\n\n\n\n<p>Whether you\u2019re an admin at a major company or launching a startup from your garage, protecting user identities is crucial. Knowing who is accessing your resources and for what purpose provides a foundation of security upon which all else rests. For that reason, it\u2019s imperative to do everything possible to strengthen your identity posture today. The challenges are significant, but defensive strategies and technology are there to help.<\/p>\n\n\n\n<p>If I may be so bold as to propose some New Year\u2019s resolutions for your identity security efforts:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>Protect all your users with multifactor authentication, always, using Authenticator, Fast Identity Online (FIDO), Windows Hello, or CBA.<\/li>\n\n\n\n<li>Apply Conditional Access rules to your applications to defend against application attacks.<\/li>\n\n\n\n<li>Use mobile device management and endpoint protection policies\u2014especially prohibiting running as admin on devices\u2014to inhibit token theft attacks.<\/li>\n\n\n\n<li>Limit on-premises exposure and integrate your SOC and identity efforts to ensure you are defending your identity infrastructure.<\/li>\n\n\n\n<li>Bet hard on agility with a cloud-first approach, adaptable authentication, and deep commitments to automated responses to common problems to save your critical resources for true crises.<\/li>\n<\/ol>\n\n\n\n<p>Each of these recommendations has value in and of itself, but taken together, they represent an approach to defense-in-depth. Defense-in-depth encourages us to assume that any single control might be overcome by an attacker, so we have multiple layers of defense. In the recommendations listed in this blog, a user with perfect authentication should never be compromised, but we layer in endpoint protection, SOC monitoring, automated responses, and posture agility assuming that no one control is adequate.<\/p>\n\n\n\n<p>To learn more about how you can protect your organization, be sure to read Joy Chik\u2019s blog, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/09\/microsoft-entra-5-identity-priorities-for-2023\/\">Microsoft Entra: 5 identity priorities for 2023<\/a>. If you\u2019re interested in a comprehensive security solution that includes <a href=\"https:\/\/www.microsoft.com\/security\/business\/solutions\/identity-access\">identity and access management<\/a>, extended detection and response, and security information and event management, visit the <a href=\"https:\/\/www.microsoft.com\/security\/business\/microsoft-entra\">Microsoft Entra<\/a> page, along with <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-for-identity\">Microsoft Defender for Identity<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Microsoft Sentinel<\/a>, to learn how this family of multicloud identity and security products can protect your organization.<\/p>\n\n\n\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn about the latest types of identity-based cyberattacks and how your organization can create an integrated, layered defense.<\/p>\n","protected":false},"author":162,"featured_media":125422,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3661],"topic":[3673,3678,3689],"products":[3690,3696,3702,3703,3726],"threat-intelligence":[],"tags":[3809],"coauthors":[1845],"class_list":["post-125414","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-industry-trends","topic-identity-and-access-management","topic-multifactor-authentication","topic-zero-trust","products-microsoft-defender","products-microsoft-defender-for-identity","products-microsoft-entra","products-microsoft-entra-id","products-microsoft-sentinel","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Improve identity strategy with Microsoft | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improve identity strategy with Microsoft | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-26T18:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T05:57:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"599\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alex Weinert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex Weinert\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/alex-weinert\/\",\"@type\":\"Person\",\"@name\":\"Alex Weinert\"}],\"headline\":\"2023 identity security trends and solutions from Microsoft\",\"datePublished\":\"2023-01-26T18:00:00+00:00\",\"dateModified\":\"2023-05-16T05:57:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\"},\"wordCount\":2199,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\",\"name\":\"Improve identity strategy with Microsoft | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\",\"datePublished\":\"2023-01-26T18:00:00+00:00\",\"dateModified\":\"2023-05-16T05:57:18+00:00\",\"description\":\"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg\",\"width\":900,\"height\":599,\"caption\":\"Security practitioner working to investigate threats.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"2023 identity security trends and solutions from Microsoft\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improve identity strategy with Microsoft | Microsoft Security Blog","description":"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/","og_locale":"en_US","og_type":"article","og_title":"Improve identity strategy with Microsoft | Microsoft Security Blog","og_description":"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/","og_site_name":"Microsoft Security Blog","article_published_time":"2023-01-26T18:00:00+00:00","article_modified_time":"2023-05-16T05:57:18+00:00","og_image":[{"width":900,"height":599,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","type":"image\/jpeg"}],"author":"Alex Weinert","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","twitter_misc":{"Written by":"Alex Weinert","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/alex-weinert\/","@type":"Person","@name":"Alex Weinert"}],"headline":"2023 identity security trends and solutions from Microsoft","datePublished":"2023-01-26T18:00:00+00:00","dateModified":"2023-05-16T05:57:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/"},"wordCount":2199,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/","name":"Improve identity strategy with Microsoft | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","datePublished":"2023-01-26T18:00:00+00:00","dateModified":"2023-05-16T05:57:18+00:00","description":"Learn about the latest identity-based cyberattacks and how your organization can create an integrated, layered defense with Microsoft.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/CLO22_Warehouse_018-1.jpg","width":900,"height":599,"caption":"Security practitioner working to investigate threats."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/26\/2023-identity-security-trends-and-solutions-from-microsoft\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"2023 identity security trends and solutions from Microsoft"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/125414"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/162"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=125414"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/125414\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/125422"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=125414"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=125414"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=125414"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=125414"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=125414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=125414"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=125414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}