Don’t let them get to the front door
11 June 2025
During routine monitoring recently we spotted one of our Microsoft 365 clients coming under attack from bad actors in various parts of the world.
None of the attacks were succeeding – our audit logs showed a reassuring status of ‘Failure’ against each attempt – but it prompted a discussion with our client about the benefits of Microsoft’s Conditional Access feature.
This can be configured in many ways, but a standard policy to add is to make the country an access request comes from a condition of a successful sign-in attempt.
Our client queried why this is necessary – aren’t hose audit log entries proof no-one is able to get in. Well, yes they are, but the analogy we gave was do you feel safer if a criminal is knocking at your front door but it’s locked (and so should be secure) – or if that criminal is kept at a distance by additional security such as gates on your drive?
Conditional Access means instead of anyone being allowed to get to your 365 sign-in page, now only users singing in from whitelisted countries can do so. Immediately, this keeps the rest of the world even further away from your 365 system – they will not even see the sign-in page but instead get a message warning them access from their country is not permitted.
You may ask - why did our client not already have this security feature in place? They’d elected previously not to upgrade to Microsoft 365 Business Premium, the subscription level you’ll need to activate Conditional Access.
We outlined the cost difference and they chose to upgrade – they could clearly see the benefit of keeping malicious hackers at the end of the drive and not even letting them get to the front door.
If you’d like to do the same, please get in touch on 01527 834850 or via info@armstrongbell.co.uk.
You might also like to read our previous article on Cyber Security for your Email, 08 May 2025
