Platform Upgrade: Microsoft 365 advanced agentless CSS phishing detection

Exciting news! 🎉 We’re enhancing our Microsoft 365 security with advanced agentless CSS phishing detection. For free, for everyone.

Using custom CSS and a server-side solution, we can swiftly detect phishing attacks and receive automatic alerts upon detection.

During each login, our servers validate the login session, and users are alerted by a red background and warning text in the Microsoft 365 login page when anomalies are detected!

This protects against so called Man in the Middle, or MITM attacks, where a proxy server such as EvilGinx is used to record user sessions. Regular MFA does not protect against this type of attack.

While this anti-phishing technique is effective at present, there is no guarantee it will remain so in the future. EvilGinx is actively developing countermeasures, such as not serving the custom CSS. To address this, we have implemented a workaround by using an image for safe logins. This alerts users to a phishing site if no indicator is present.

Our CSS Phishing Detection solution is hosted on high performance server tiers across three different continents within Azure data centers. This configuration ensures optimal performance and high availability.

Subscribe to our blog to stay updated on any changes related to CSS phishing protection.

Safe login on the left, confirmed by the background logo. Phish login on the right, confirmed by the red background.

How-to implement

First, copy and save the CSS provided below.

.ext-sign-in-box {
    background-image: url("");
      background: white url("") center no-repeat;
  }Code language: CSS (css)

Next, navigate to the Entra ID Admin Portal. Locate the Company Branding section, go to the Tab Layout tab, and upload the CSS file.
Edit default sign-in experience – Microsoft Azure

The CSS protection will be activated each time a user signs into a Microsoft portal, and a red background will be shown whenever a user visits a phishing website. The safe login logo confirms the CSS protection is active and not compromised.

Expert Automation

We offer advanced workflows to automate various actions. For more detailed information and to explore how these solutions can benefit your organization, please contact us.

Key Features

  • Custom Safe Login Logo
    Ensure brand consistency and enhance user trust with a custom safe login logo.
  • Defender for Endpoint Remediation
    Streamline your security operations with automated Defender for Endpoint remediation across multiple tenants.
  • Integrated Incident Response
    Easily create Sentinel incidents, send emails, or post alerts in Microsoft Teams, all while including crucial details such as the user’s IP address and the phishing URL.
  • Multi-Tenant Orchestration for MSPs
    Managed Service Providers can take advantage of our multi-tenant orchestration capabilities, including tenant ID and customer name indicators in alerts, for efficient and effective security management.

Contact us to learn more about these advanced features and how they can help secure your organization.

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *