I'm an admin. Funny thing about conditional access: we use various conditions, but one is geolocation; we bar all logins outside of three countries relevant to our workers. We employed it mostly due to a continuous low-threat brute-force campaign targeting a few exposed accounts that my data analysis had identified. In testing it out from the Red Team's perspective, I quickly realized that conditional access will indeed prevent a login outside of the whitelisted countries, but it will gladly let the attacker know that the reason the login failed was conditional access and not an incorrect username/password. So all the Red Team has to do is brute-force the password, then VPN over to our country of operation, and they're in.
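The behaviour described in the post, a Conditional Access block that only fires after the password has been validated, is also a detection opportunity: a sign-in from a disallowed country that fails with a Conditional Access error means the attacker now holds a working password, even though no session was issued. The script below is an added example, not code from the post's author; it runs that logic over constructed sign-in records using the real Entra ID error codes 50126 (invalid username or password) and 53003 (blocked by Conditional Access), but the record shape, the three-country allow-list and the sample data are assumptions made for illustration.

```python
"""Flag accounts whose password was confirmed to an attacker via a Conditional Access block.

Added example, not from the original post. The record shape below is a simplified,
assumed subset of Entra ID sign-in log fields; the sample data is constructed.
"""
from datetime import datetime, timedelta

INVALID_CREDS = 50126   # AADSTS50126: bad username/password (credential check failed)
CA_BLOCKED = 53003      # AADSTS53003: blocked by Conditional Access (credential check passed)
SUCCESS = 0             # successful sign-in

# Hypothetical allow-list standing in for the post's "three countries".
ALLOWED_COUNTRIES = {"US", "CA", "GB"}


def rec(time, user, ip, country, code):
    """Build one simplified sign-in record (constructed data, not real telemetry)."""
    return {"time": time, "user": user, "ip": ip, "country": country, "errorCode": code}


# Constructed sample log: alice is sprayed from RU until the password hits (53003),
# then logged into from a US address 36 minutes later; bob is sprayed without a hit;
# carol gets a single CA block from DE with no preceding guesses.
SAMPLE_SIGNINS = [
    rec(f"2024-05-01T09:0{m}:00", "alice@example.com", "203.0.113.10", "RU", INVALID_CREDS)
    for m in range(5)
] + [
    rec("2024-05-01T09:05:30", "alice@example.com", "203.0.113.10", "RU", CA_BLOCKED),
    rec("2024-05-01T09:41:00", "alice@example.com", "198.51.100.7", "US", SUCCESS),
    rec("2024-05-01T09:10:00", "bob@example.com", "203.0.113.10", "RU", INVALID_CREDS),
    rec("2024-05-01T09:11:00", "bob@example.com", "203.0.113.10", "RU", INVALID_CREDS),
    rec("2024-05-01T09:12:00", "bob@example.com", "203.0.113.10", "RU", INVALID_CREDS),
    rec("2024-05-01T11:00:00", "carol@example.com", "192.0.2.44", "DE", CA_BLOCKED),
]


def find_confirmed_passwords(signins, allowed_countries=ALLOWED_COUNTRIES,
                             followup_window=timedelta(hours=24)):
    """Return one alert per Conditional-Access block from a disallowed country.

    A 53003 from outside the allow-list can only happen after the password was
    accepted, so each one is treated as a confirmed credential. The alert records
    how many bad guesses preceded it from outside the allow-list (spray context)
    and whether a successful sign-in from an allowed country followed within the
    window (the "VPN over and log in" step the post describes).
    """
    by_user = {}
    for r in sorted(signins, key=lambda r: r["time"]):   # ISO-8601 strings sort chronologically
        by_user.setdefault(r["user"], []).append(r)

    alerts = []
    for user, recs in sorted(by_user.items()):
        bad_guesses = 0
        for i, r in enumerate(recs):
            outside = r["country"] not in allowed_countries
            if outside and r["errorCode"] == INVALID_CREDS:
                bad_guesses += 1
                continue
            if not (outside and r["errorCode"] == CA_BLOCKED):
                continue
            blocked_at = datetime.fromisoformat(r["time"])
            followup = [
                s["ip"] for s in recs[i + 1:]
                if s["errorCode"] == SUCCESS
                and s["country"] in allowed_countries
                and datetime.fromisoformat(s["time"]) - blocked_at <= followup_window
            ]
            if followup:
                severity = "critical"   # password confirmed and then used from an allowed country
            elif bad_guesses:
                severity = "high"       # spray that found a valid password, no login seen yet
            else:
                severity = "medium"     # single CA block, could be a travelling user
            alerts.append({
                "user": user,
                "confirming_ip": r["ip"],
                "confirming_country": r["country"],
                "prior_bad_guesses": bad_guesses,
                "followup_success_from": followup,
                "severity": severity,
            })
    return alerts


if __name__ == "__main__":
    for a in find_confirmed_passwords(SAMPLE_SIGNINS):
        print(a)
```

The response to a "high" or "critical" alert is a forced password reset and token revocation for that account, not just another block: the geo condition stopped the session, but the attacker already has the password and, as the post notes, only needs an exit point inside the allowed countries.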