Analyse @NSACyber's tweets
Actors are forging SAML authentication to access protected data in the cloud. @msftsecresponse has observed similar techniques and additional TTPs. Visit their blog for more countermeasures: https://t.co/zn4JJYD21A