O365 Bypass MFA Via Trusted IP

Description

This search detects newly added IP addresses/CIDR blocks to the list of MFA Trusted IPs to bypass multi factor authentication. Attackers are often known to use this technique so that they can bypass the MFA system.

   Help

O365 Bypass MFA Via Trusted IP Help

You must install Splunk Microsoft Office 365 add-on. This search works with o365:management:activity

   Search

Open in Search