M365 Changelog: Microsoft Entra ID: Attacker in the Middle detection alert in ID Protection is GA Aug 8, 2024

Summary

The Attacker in the Middle detection feature will be generally available in Microsoft Entra ID Protection by late August 2024, enhancing security by identifying compromised user accounts. No admin action is required before the rollout.

MC855696 – The Attacker in the Middle detection will be Generally Available for users in Microsoft Entra ID Protection.

When this will happen:

General Availability (Worldwide): Microsoft will begin rolling out mid-August 2024 and expects to complete by late August 2024.

How this will affect your organization:

This high-precision detection will be triggered on a user account that has been compromised by an adversary who has intercepted the user’s credentials, including tokens issued to the user. The risk is identified through Microsoft 365 Defender and will elevate the user to high risk, triggering the configured Conditional Access policy.

What you need to do to prepare:

Learn more: What are risks in Microsoft Entra ID Protection – Microsoft Entra ID Protection | Microsoft Learn

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.