Key Takeaways
- Adversary-in-the-middle (AiTM) attacks bypass standard MFA by stealing the session token instead of the password.
- Turnkey phishing-as-a-service kits like EvilProxy and Tycoon now sell AiTM attacks as commodity subscriptions.
- FIDO2 hardware keys and passkeys defeat AiTM because they validate the origin domain, not just the user.
- Layer Conditional Access, session protections, and SIEM/SOC monitoring — assume prevention will sometimes fail.
For years, the standard advice has been simple: turn on multi-factor authentication and you’ve blocked the most common attack against business email. A phished password without the second factor was useless. Most breaches stopped at the MFA prompt.
That advice was right when it was given. It’s not wrong now — MFA is still essential, and turning it off is still a terrible idea. But attackers have adapted, and the gap MFA used to close has been pried back open.
The attack of the moment is called adversary-in-the-middle (AiTM). It bypasses MFA not by guessing the code, but by sidestepping the whole login flow. And it’s now sold as a commodity service to anyone with a credit card.
How AiTM Attacks Actually Work
An AiTM phishing email looks like the same kind of phish you’ve trained your team to spot — usually a fake Microsoft 365 login page, often disguised as a shared document or invoice notification. The difference is what happens after the user clicks.
Instead of capturing the password on a fake static page, the AiTM site is a reverse proxy. Every keystroke gets relayed in real time to the real Microsoft login. The user sees the real Microsoft prompt. They enter their real password. Microsoft sends the real MFA challenge. The user approves it on their phone — because everything looks legitimate.
At the moment the login succeeds, Microsoft sends back the real session token — the little credential your browser stores that says “this person already logged in.” The attacker’s proxy server intercepts that token, copies it, and uses it from their own browser. The user gets logged in (no warning signs), and the attacker is logged in too.
From that point, the attacker has an active, authenticated session. They don’t need to re-enter the password. They don’t need to re-trigger MFA. They’re inside until the session expires — often hours or days — with full access to email, OneDrive, Teams, and SharePoint.
Why This Is Spreading: The Attack Is Now a Commodity
A few years ago, AiTM attacks required skilled adversaries who could set up proxy infrastructure. That’s no longer the case. Phishing-as-a-service kits like EvilProxy, Tycoon, and the toolkits used by groups like Storm-1167 now sell turnkey AiTM campaigns by subscription. The attacker logs in, picks a target domain, and the platform handles the proxy setup, the convincing login pages, and the token capture.
Microsoft’s own threat intelligence has tracked AiTM phishing campaigns against tens of thousands of organizations in single waves. The Defender for Office 365 team published guidance specifically on AiTM detection because the attack went from rare to routine in roughly eighteen months.
For Las Vegas SMBs, the relevant fact isn’t “nation-state attackers are coming for you.” It’s that a single criminal with a couple hundred dollars a month and basic technical skill can now run AiTM campaigns at scale against any Microsoft 365 customer they want.
Defense Layer 1: Phishing-Resistant MFA
Not all MFA is equally vulnerable. The forms attackers can defeat in an AiTM flow are the ones that confirm that someone is logging in — SMS codes, authenticator app codes, push notifications. The user is at the real Microsoft login (proxied), the MFA is real, and the user dutifully approves it.
The forms attackers can’t defeat are the ones that confirm where the user is logging in from — FIDO2 hardware keys (YubiKey, Feitian, and similar), platform passkeys (Apple, Google, Microsoft), and Windows Hello for Business. These use cryptographic challenges tied to the origin domain. If the user is on a proxy site that isn’t the real Microsoft origin, the FIDO2 key or passkey simply refuses to complete the handshake. The phishing page can’t fake the domain validation.
Moving high-risk accounts (admins, finance, executives) to phishing-resistant MFA is the single highest-impact defense against AiTM. The whole company can follow over time; the at-risk roles should move now.
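To make the "validates the origin, not just the user" point concrete, here is an added illustration (not code from this post or from Microsoft) of the checks a WebAuthn relying party runs on a FIDO2 or passkey assertion. The browser, not the web page, writes the origin it is really on into clientDataJSON, so an assertion produced on a proxy domain fails at the relying party. Domain names and the challenge are constructed, and signature verification is left out.

```python
import base64
import hashlib
import json

# Added illustration (not code from the post): the origin-binding checks a WebAuthn
# relying party runs on a FIDO2 / passkey assertion. The browser, not the web page,
# writes the origin into clientDataJSON, so a proxy on another domain cannot produce
# an assertion the real relying party will accept. Domain names are constructed.
# Signature verification is omitted; a real RP also verifies the signature over
# authenticatorData || SHA-256(clientDataJSON) with the registered public key.


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_client_data(browser_origin: str, challenge: bytes) -> bytes:
    """Simulate the clientDataJSON the browser builds for the page it is really on."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": browser_origin}).encode()


def make_auth_data(rp_id: str, user_present: bool = True) -> bytes:
    """Minimal authenticatorData: rpIdHash (32 bytes) || flags (1 byte) || counter (4 bytes)."""
    flags = 0x01 if user_present else 0x00
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (0).to_bytes(4, "big")


def verify_assertion(client_data: bytes, auth_data: bytes, *, expected_origin: str,
                     rp_id: str, challenge: bytes) -> tuple[bool, str]:
    """Relying-party checks from the WebAuthn assertion-verification procedure."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(challenge):
        return False, "challenge mismatch (replayed or foreign assertion)"
    if cd.get("origin") != expected_origin:
        # This is the AiTM failure point: the proxy's origin is what the browser recorded.
        return False, f"origin mismatch: {cd.get('origin')}"
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user-present flag not set"
    return True, "ok"
```

In practice the browser refuses the request even earlier, because the relying-party ID must match the page's effective domain; the server-side origin check above is the backstop.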
Defense Layer 2: Conditional Access That Notices Weirdness
Even with a successfully stolen token, an attacker has to use it from somewhere. Conditional Access policies in Microsoft Entra ID (formerly Azure AD) can require that the sign-in come from a known device, a known location, or a low-risk session. A stolen token replayed from a foreign IP, from a non-compliant device, with high sign-in risk — that’s exactly the pattern Conditional Access is built to detect and block.
The minimum effective baseline: require compliant devices for access to Exchange and SharePoint, block sign-ins from anonymizing networks (Tor, sketchy VPNs), and enable Entra Identity Protection so risky sign-ins are flagged or blocked automatically. Microsoft 365 Business Premium and E3+ include the Conditional Access licensing; the configuration takes hours, not weeks.
Defense Layer 3: Session Protections
A stolen session token is dangerous because it’s long-lived and portable. Two configuration changes meaningfully reduce that risk:
Shorter session lifetimes for high-risk apps. Conditional Access supports a “sign-in frequency” setting that forces re-authentication every N hours for sensitive resources. Stolen tokens age out faster. The user friction is real but small; the security gain is substantial.
Continuous access evaluation. Microsoft has rolled out continuous access evaluation (CAE) across most of M365 — when a user’s session is revoked (password reset, account disabled, conditional access policy change), the change propagates in near-real-time instead of after the token’s natural expiry. CAE is on by default for newer tenants; for older tenants, it’s worth confirming it’s enabled.
Defense Layer 4: Detection When Prevention Fails — SIEM and SOC
No defense stack is perfect. A determined attacker with a compliant device, in a credible location, on an at-risk user account might still get a session through. The question becomes how fast you detect it and how fast you respond.
This is what a SIEM (Security Information & Event Management) platform and a SOC (Security Operations Center) team are for. The SIEM ingests sign-in logs, mailbox audit logs, and Defender telemetry across the M365 environment. The SOC analysts watch for the specific patterns that indicate post-AiTM activity: a successful sign-in followed minutes later by inbox rules being created to auto-forward or auto-delete messages, mass downloads from SharePoint, sudden access from a previously unseen geography, mailbox exports.
Detection without response is incomplete. A well-run SOC doesn’t just alert — it terminates the suspicious session, forces a password reset, and disables the offending inbox rule, often within minutes of the first signal. For Brydan customers on our managed-detection plans, this is what the security operations layer is doing in the background.
What to Do This Quarter
Four concrete actions, in order of impact:
- Issue FIDO2 hardware keys or enable passkeys for admin, finance, and executive accounts. These are the AiTM targets that hurt most when compromised. Hardware keys run roughly $50 each; passkeys are free if your devices support them. Either way, the cost is trivial compared to the typical incident loss.
- Enable Conditional Access “require compliant device” for Exchange and SharePoint. Combined with Intune device enrollment, this means a stolen session from an unknown machine fails. Requires Business Premium or E3+ licensing.
- Turn on Entra Identity Protection (or its equivalent for your license tier) and set sign-in risk policies to require MFA at “medium” risk and block at “high.” These machine-learning signals are what spot the “same user, two locations, same minute” pattern an AiTM intrusion produces.
- Get sign-in and mailbox audit logs into a SIEM with a SOC watching them. Whether that’s Microsoft Sentinel with an internal team, an MSSP, or a managed-detection service like Brydan SIEM, the point is the same: someone is looking at the telemetry continuously, with playbooks ready when the alert fires.
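As an added example (not Brydan's own detection content), the two post-AiTM patterns named above, a successful sign-in followed by a forwarding or deleting inbox rule (Layer 4) and the "same user, two locations, same minute" sign-in pattern (action 3), written as detections over constructed records shaped like Entra sign-in logs and Exchange mailbox audit events. Field names are simplified and the sample data is constructed; real log schemas differ.

```python
from datetime import datetime, timedelta

# Added example, not Brydan's own detection content: two post-AiTM detections run over
# constructed records shaped like Entra sign-in logs and Exchange mailbox audit events
# (field names simplified; the real log schemas differ).
SIGNINS = [  # constructed sample: the CFO signs in from the US, then from NL 31 seconds later
    {"user": "cfo@example.com", "time": "2026-03-02T09:00:10", "ip": "203.0.113.7", "country": "US", "status": "success"},
    {"user": "cfo@example.com", "time": "2026-03-02T09:00:41", "ip": "198.51.100.9", "country": "NL", "status": "success"},
    {"user": "ops@example.com", "time": "2026-03-02T10:15:00", "ip": "203.0.113.7", "country": "US", "status": "success"},
]
AUDIT = [  # constructed sample mailbox audit events
    {"user": "cfo@example.com", "time": "2026-03-02T09:04:02", "op": "New-InboxRule",
     "params": {"Name": "invoice", "ForwardTo": "ext@mail.test", "DeleteMessage": "True"}},
    {"user": "ops@example.com", "time": "2026-03-02T12:00:00", "op": "New-InboxRule",
     "params": {"Name": "newsletters", "MoveToFolder": "Archive"}},
]
# Rule parameters that exfiltrate or hide mail; a benign move-to-folder rule does not match.
SUSPICIOUS_RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage"}


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


def rule_after_signin(signins, audit, window=timedelta(minutes=30)):
    """Successful sign-in followed within `window` by an inbox rule that forwards or deletes."""
    hits = []
    for ev in audit:
        if ev["op"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        if not SUSPICIOUS_RULE_PARAMS & ev["params"].keys():
            continue
        prior = [s for s in signins if s["user"] == ev["user"] and s["status"] == "success"
                 and timedelta(0) <= _t(ev["time"]) - _t(s["time"]) <= window]
        if prior:  # attribute the rule to the most recent qualifying sign-in
            latest = max(prior, key=lambda s: s["time"])
            hits.append((ev["user"], latest["ip"], ev["params"]["Name"]))
    return hits


def concurrent_locations(signins, window=timedelta(minutes=1)):
    """Same user, successful sign-ins from two countries inside `window`: the replayed-token pattern."""
    hits, seen = set(), {}
    for s in sorted(signins, key=lambda s: s["time"]):
        if s["status"] != "success":
            continue
        for prev in seen.get(s["user"], []):
            if prev["country"] != s["country"] and _t(s["time"]) - _t(prev["time"]) <= window:
                hits.add((s["user"], prev["country"], s["country"]))
        seen.setdefault(s["user"], []).append(s)
    return sorted(hits)
```

Both functions return the user, the sign-in that should be terminated, and the rule to disable, which is the input the response playbook in Layer 4 needs.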
The Bottom Line
MFA isn’t dead. It’s still essential. But the version of MFA that stopped attackers in 2020 doesn’t stop the AiTM-equipped attackers of 2026. The attack model has moved from “steal the password” to “steal the session,” and the defenses have to follow.
The good news is none of the four layers above are exotic. Phishing-resistant MFA is buyable from Amazon. Conditional Access ships with Business Premium. Session protections are a configuration change. SIEM-plus-SOC is a service you can hire. The harder part is the discipline to actually deploy them in the right order, and to assume that prevention will sometimes fail.
Talk to Brydan
Is Your MFA Still Stopping Attackers?
Brydan Solutions builds layered identity defenses for Las Vegas businesses — from FIDO2 key rollout to Conditional Access policy design to Brydan SIEM with 24/7 SOC monitoring.