During the development of the access concept for Microsoft 365 solutions, access scenarios were planned, dependencies discussed, roadmaps drawn up, users informed, and so on. When I think back to those appointments, I often say that multifactor authentication is secure, and there is no way around it. 2021 I was proven wrong By joining dinext. pi-sec, I had the task of taking a closer look at a hacking tool and testing it. The findings of this test should influence my approaches to Conditional Access until today. The tool is called Evilginx2. What is EvilGinx2? The tool is a man-in-the-middle attack framework and can be used to phish credentials and session…