Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication.
For unmanaged devices, they recommend conditional access policies and strong controls.
Read more about this topic at: Dark Reading
