
Exploiting the O365 Duo 2FA Misconfiguration

By Riyaz Walikar · 2 min read · intermediate level

Introduction

Many organisations front Office 365 with Duo two-factor authentication. If the Azure Active Directory Conditional Access policies that enforce it are not scoped correctly, some mobile mail clients can authenticate without ever triggering the Duo prompt, so the second factor is silently skipped for those clients.

This video is presented by Cassandra Young, a security professional focusing on cloud security architecture and engineering. She is also one of the organisers of Blue Team Village.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security, and it runs talks, workshops, CTFs and discussions around cloud security.

Video

https://www.youtube.com/watch?v=D77aJug_-aQ

What to expect from this video

The following topics are covered in this video:

  1. Overview of O365 Authentication Types and Email Protocols
  2. Understanding the Misconfiguration
    1. Conditional Access Policies in Azure Active Directory
    2. Understanding Conditions
  3. Apple’s iOS Mail App Use Case
  4. A look at Conditional Access Policies before and after August 2020
  5. Detecting the Misconfiguration
  6. Remediating the Misconfiguration

Key Takeaways

This video introduces you to the O365 authentication types and the email protocols involved. The presenter gives an overview of Conditional Access policies in Azure Active Directory and explains which policy conditions lead to the misconfiguration. The Apple iOS Mail app is used as a worked use case to demonstrate how a mobile client ends up authenticating without a Duo prompt. Cassandra Young also shares ways to detect this misconfiguration in your own tenant and what you can do to remediate it.
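As an added example (not code from the talk or from Kloudle), the check below looks for the kind of gap the video describes: an enabled Conditional Access policy that requires a second factor but, through its "client apps" condition, leaves some client types unenforced. The policies are in the shape returned by the Microsoft Graph endpoint `GET /identity/conditionalAccess/policies`; the two sample policies, the custom-control identifier and the assumption that Duo is attached as a custom authentication factor (or as the built-in `mfa` control) are constructed for this example, and the exact conditions involved in the real misconfiguration are the ones the talk walks through.

```python
"""Flag Azure AD Conditional Access policies whose client-apps condition
leaves some client types without an enforced second factor.

Policy dicts follow the Microsoft Graph conditionalAccessPolicy shape
(conditions.clientAppTypes, grantControls). SAMPLE_POLICIES is constructed
data, not output from a real tenant.
"""

# Client app types that the Conditional Access "client apps" condition can match.
# A policy that omits any of them does not apply to that client type at all.
ALL_CLIENT_APP_TYPES = {
    "browser",
    "mobileAppsAndDesktopClients",
    "exchangeActiveSync",
    "other",
}


def requires_second_factor(policy: dict) -> bool:
    """True if the policy's grant controls demand built-in MFA or a custom
    control (assumption for this example: Duo is wired in as a custom
    authentication factor)."""
    grant = policy.get("grantControls") or {}
    return "mfa" in (grant.get("builtInControls") or []) or bool(
        grant.get("customAuthenticationFactors")
    )


def effective_client_apps(policy: dict) -> set:
    """Expand the clientAppTypes condition; the value 'all' covers every type."""
    types = set((policy.get("conditions") or {}).get("clientAppTypes") or [])
    if "all" in types:
        return set(ALL_CLIENT_APP_TYPES)
    return types & ALL_CLIENT_APP_TYPES


def find_uncovered_clients(policies: list) -> dict:
    """Return {displayName: sorted client app types not enforced} for every
    enabled policy that requires a second factor but has a client-app gap."""
    gaps = {}
    for policy in policies:
        if policy.get("state") != "enabled" or not requires_second_factor(policy):
            continue
        missing = ALL_CLIENT_APP_TYPES - effective_client_apps(policy)
        if missing:
            gaps[policy["displayName"]] = sorted(missing)
    return gaps


# Constructed sample policies: one with the gap, one corrected, one disabled.
SAMPLE_POLICIES = [
    {
        # Scoped to browsers and modern clients only: ActiveSync and "other"
        # (legacy) clients never hit the Duo control.
        "displayName": "Require Duo for O365 (modern clients only)",
        "state": "enabled",
        "conditions": {"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]},
        "grantControls": {
            "operator": "OR",
            "builtInControls": [],
            "customAuthenticationFactors": ["duo-custom-control-example-id"],
        },
    },
    {
        # Corrected policy: every client type must satisfy the grant control.
        "displayName": "Require Duo for O365 (all clients)",
        "state": "enabled",
        "conditions": {"clientAppTypes": ["all"]},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        # Disabled policies enforce nothing and are ignored by the check.
        "displayName": "Old MFA policy (disabled)",
        "state": "disabled",
        "conditions": {"clientAppTypes": ["browser"]},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
]


if __name__ == "__main__":
    for name, missing in find_uncovered_clients(SAMPLE_POLICIES).items():
        print(f"{name}: no second factor enforced for {', '.join(missing)}")
```

Run against a real tenant by replacing `SAMPLE_POLICIES` with the `value` array from the Graph policies endpoint; any policy the check reports is one where a client of the listed type can sign in without meeting the policy's grant control, which is the condition to remediate by widening the client-apps scope (or adding a policy that blocks the uncovered client types).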

Riyaz Walikar, Founder & Chief of R&D

Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.