“Even in the worst case of SAML token forgery, excessive user permissions and missing device and network policy restrictions allowed the attacks to progress.” Alex Weinert – Partner Director of Identity Security at Microsoft
Source: ZDNet
About Alex Weinert:
Alex Weinert is the Director of Identity Security at Microsoft. Billions of users sign into millions of apps almost 20B times a day on Microsoft’s identity platform; the Identity Security team (ISP) protects them from unauthorized access, account takeover, and abuse.
He is part of the team that protects users of Xbox, Skype, Outlook, Office 365, Azure, and other Microsoft B2C sites, as well as organizations using Azure AD, against hackers.
In addition to detection, investigation, and response, ISP delivers tech like Azure AD Identity Protection, Conditional Access, Multi-Factor Authentication, and the Microsoft Authenticator app.