How to stop AiTM token phishing in Microsoft 365
MFA alone is no longer enough to protect your users from modern phishing attacks. In this video, we’ll break down how Adversary-in-the-Middle (AiTM) phishing works — and more importantly, how to stop it using Microsoft Entra ID Conditional Access.
You’ll learn:
✔ What AiTM phishing is and why it bypasses MFA
✔ How tools like EvilGinx and Modlishka capture session cookies
✔ Why phishing-resistant MFA methods like FIDO2 passkeys and Windows Hello for Business are essential
✔ How to configure Conditional Access policies using Authentication Strengths
✔ Practical ways to limit token lifetime and prevent token replay attacks
Whether you're an IT admin, Microsoft 365 consultant, or security architect, these best practices will help you harden your identity perimeter in 2025 and beyond.
💬 Have you seen AiTM phishing attempts in your tenant or environment? What protections have you implemented? Drop a comment below and share your experience.