Microsoft has announced a major security update for Entra ID (formerly Azure AD). The platform will now block the execution of external scripts during the sign-in process. This change aims to neutralize “Adversary-in-the-Middle” (AiTM) phishing kits that inject malicious scripts to steal session tokens.
Business Impact
This is a significant hardening of the identity perimeter. It will break many of the sophisticated phishing tools used to bypass MFA. However, it may also affect legitimate custom branding or other login-page customizations that organizations have applied and that rely on external scripts.
Why It Happened
AiTM attacks have become the primary method for bypassing MFA. By preventing the browser from loading unauthorized scripts during authentication, Microsoft is closing a major loophole used by phishing-as-a-service platforms like EvilProxy.
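As an added illustration (not from Microsoft's announcement, which does not state how the block is implemented), the code below assumes the restriction behaves like a browser Content-Security-Policy script-src allowlist and shows how such a policy is evaluated: scripts from the sign-in origin and an allowlisted CDN host pass, while a script injected from any other host is refused. All hostnames are constructed placeholders.

```python
from urllib.parse import urlparse

# ASSUMPTION (not stated on the page): the block is enforced as a CSP
# script-src allowlist. Policy and hosts below are constructed examples.
EXAMPLE_CSP = "default-src 'self'; script-src 'self' https://*.idp-cdn.example"
PAGE_ORIGIN = "https://login.idp.example"


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _source_matches(src: str, url: str, page_origin: str) -> bool:
    """Evaluate one CSP source expression against a script URL."""
    u, page = urlparse(url), urlparse(page_origin)
    if src == "'none'":
        return False
    if src == "'self'":  # same scheme, host and port as the sign-in page
        return (u.scheme, u.hostname, u.port) == (page.scheme, page.hostname, page.port)
    if src.endswith(":") and "/" not in src:  # scheme-source such as https:
        return u.scheme == src[:-1]
    s = urlparse(src if "//" in src else "//" + src)  # host-source
    if s.scheme and s.scheme != u.scheme:
        return False
    default_port = {"https": 443, "http": 80}.get(u.scheme)
    if s.port and s.port != (u.port or default_port):
        return False
    pattern, host = (s.hostname or "").lower(), (u.hostname or "").lower()
    if pattern.startswith("*."):  # *.example matches sub.example, not example
        return host.endswith(pattern[1:])
    return host == pattern


def script_allowed(csp: str, script_url: str, page_origin: str = PAGE_ORIGIN) -> bool:
    """True if script-src (falling back to default-src) permits script_url."""
    policy = parse_csp(csp)
    sources = policy.get("script-src", policy.get("default-src", ["*"]))
    return any(_source_matches(src, script_url, page_origin) for src in sources)


if __name__ == "__main__":
    # Constructed URLs: two legitimate scripts and one injected by a
    # hypothetical reverse-proxy kit hosted on a non-allowlisted domain.
    for url in ("https://login.idp.example/js/auth.js",
                "https://static.idp-cdn.example/lib.js",
                "https://collector.proxy-injected.example/hook.js"):
        print("allowed" if script_allowed(EXAMPLE_CSP, url) else "BLOCKED", url)
```

The same evaluator can be pointed at a tenant's own branding assets to confirm, before the change lands, which script hosts would fall outside the allowlist.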
Recommended Executive Action
Direct your IAM team to review your Entra ID branding configurations immediately. Test authentication flows to ensure no legitimate business processes rely on external scripts that will be blocked by this update. Prepare helpdesk staff for potential user tickets.
Hashtags: #Microsoft #EntraID #IAM #MFA #Phishing #CyberSecurity #IdentitySecurity #InfoSec
