Platform Upgrade: Microsoft 365 agentless CSS phishing protection

Exciting news! 🎉 We’ve recently created this advanced CSS phishing protection, and we’re making it available for everyone, for free!

Using custom CSS and a server-side solution, we can swiftly detect Man-in-the-middle (MITM) Phishing attacks, which MFA does not protect against. During each login, servers validate the login session, and users are alerted by a red background and warning text in the Microsoft 365 login page when anomalies are detected.

We recommend not to rely solely on this anti-phishing technique. There are several other mitigations that protect against phishing, we described them in this post: Microsoft 365 Security / Necessities / Checklist – Prof-IT Services

While this anti-phishing technique is effective at present, there is no guarantee it will remain so in the future. EvilGinx is actively developing countermeasures, such as not serving the custom CSS. To address this, we have implemented a workaround by using an image for safe logins. This alerts users to a phishing site if no indicator is present.

Our CSS Phishing Protection solution is hosted on high performance server tiers across three different continents within Azure data centers. This configuration ensures optimal performance and high availability.

Subscribe to our blog to stay updated on any changes related to CSS phishing protection.

How-to implement

First, copy and save the CSS provided below. Optionally, include your email address to be alerted of phish detections.

In Edge, opening the canary URL in the browser will not show an image, the protection will work nevertheless when it’s called from CSS.

.ext-sign-in-box 
  {
    background-image: url("https://canary.modernworkplace.services/api/[email protected]");
  }
  
.ext-sign-in-box
  {
      background: white url('https://canary.modernworkplace.services/api/[email protected]') center no-repeat;
  }

Next, navigate to the Entra ID Admin Portal. Locate the Company Branding section, go to the Tab Layout tab, and upload the CSS file.
Edit default sign-in experience – Microsoft Azure

The CSS protection will be activated each time a user signs into a Microsoft portal, and a red background will be shown whenever a user visits a phishing website.

That is all that is needed! 10 minutes after uploading the CSS, it should display the save login logo when you sign in.

Custom Version for your organization

In today’s ever-evolving threat landscape, safeguarding your organization against sophisticated phishing attacks is not just an option—it’s a necessity. That’s why we’ve developed a customizable solution that adapts to your specific needs while delivering unparalleled security features.

Key Features

Custom Safe Login Logo
Reinforce brand consistency and build user trust with a secure, branded login experience. By incorporating your organization’s logo into the safe login process, users can easily identify authentic access points, reducing the risk of phishing success.

Integrated Incident Response
Streamline your security workflow with built-in incident response capabilities. Effortlessly create incidents in Microsoft Sentinel, send detailed email notifications, or post actionable alerts in Microsoft Teams. Each alert includes vital context, such as the user’s IP address and the phishing URL, ensuring your team can act swiftly and decisively.

Multi-Tenant Orchestration for MSPs
Empower Managed Service Providers with robust multi-tenant orchestration features. Our solution enables easy identification and prioritization of threats by including tenant IDs and customer names in alerts. This functionality ensures seamless security management across multiple clients, saving time and enhancing operational efficiency.

Secure Your Future Today

Whether you’re looking to strengthen your organization’s defences or manage security across multiple tenants as an MSP, our custom solution provides the tools you need to stay ahead of modern threats. Contact us today to discover how these advanced features can be tailored to secure your organization and provide peace of mind in an increasingly digital world.