Skip to main content

Token Theft Walks Right Past Most MFA. Here Is the 2026 Fix.

Nick Ross4 min read

TL;DR

  • Adversary-in-the-middle (AiTM) phishing captures the session token issued after a successful MFA prompt, so the attacker never needs to beat MFA at all.
  • SMS, voice, and email one-time codes should be treated as legacy authentication methods as of December 2025.
  • Phishing-resistant MFA (Windows Hello for Business, FIDO2 keys, passkeys) uses device-bound keys that refuse to sign for a fake origin, which breaks AiTM entirely.
  • Per-user MFA settings leave gaps every time a new account is created; Conditional Access is the only deployment model that keeps coverage complete.
  • Token protection in Conditional Access is worth piloting but is Windows-only and does not stop browser-based AiTM attacks today.

A successful MFA prompt is not proof that a user signed in to Microsoft. That single sentence explains the fastest-growing attack pattern in Microsoft 365 tenants today: adversary-in-the-middle (AiTM) phishing paired with token theft.

The uncomfortable part is that the tenants getting hit usually had MFA enabled on every account. The question that matters in 2026 is not "do you have MFA?" It is "what kind of MFA are you enforcing, and where are the exceptions?"

This post breaks down how an AiTM attack actually works, why conventional MFA does nothing to stop it, and the deployment model we would build today, with Conditional Access strategies you can apply this week.

How a token gets stolen after a "successful" MFA sign-in

Picture a mid-size accounting firm that lives entirely in Microsoft 365. MFA is on for every account: SMS codes, Authenticator prompts, all the boxes checked.

One morning the finance manager gets an email that looks completely legitimate, a OneDrive document share notification. He clicks the link, lands on what appears to be a Microsoft sign-in page, and logs in. Email entered. Password entered. MFA approved. He is redirected to the Microsoft 365 portal and nothing seems wrong.

But he never signed in to Microsoft. He signed in to an attacker's proxy site.

That fake login page was AiTM phishing infrastructure. While the user believed he was authenticating to Microsoft, the proxy captured his username and password and, more importantly, intercepted the session tokens Microsoft issued after the MFA challenge passed.

From there the attacker opens an incognito browser, injects the stolen session cookie, and is instantly authenticated as the user. No password. No MFA prompt. No friction. From Microsoft's perspective, the sign-in log shows a successful MFA authentication.

Not all MFA methods deserve equal trust against that playbook. Here is how we would deploy MFA going into 2026.

Close the coverage gaps before upgrading the methods

The most common failure is not weak MFA, it is missing MFA. Two coverage problems show up constantly:

Per-user MFA instead of Conditional Access. A surprising number of tenants still run per-user MFA settings rather than a modern Conditional Access deployment. Per-user settings leave holes every time a new account is created in the organization. Conditional Access applies the policy to everyone, including accounts that do not exist yet.

MFA must apply to:

  • All user accounts
  • Privileged accounts
  • Service accounts with interactive logins

If an account can authenticate, it can be hijacked. Wherever possible, replace service accounts with managed identities or service principals, and eliminate shared or "temporary" accounts that never expire. If a login exists, MFA belongs there. No exceptions.

Guest users. Many breaches do not start with internal users. They start with partners and suppliers. Guest accounts often hold access to Teams, SharePoint, and sensitive documents, and if a guest is compromised, your tenant becomes the blast radius. Enforce MFA for guest users, review external access regularly, and treat long-term partners differently than one-off guests. A single compromised guest account is enough to trigger an AiTM chain reaction.

Which MFA methods should be retired in 2026?

SMS, voice calls, and email one-time codes should be treated as legacy authentication methods. They are vulnerable to:

  • SIM swapping
  • Social engineering
  • Compromise of the second factor itself (think of a user whose second factor is their personal Gmail inbox)

At an absolute minimum, organizations should be running Microsoft Authenticator with number matching, which forces users to confirm a number shown on screen and dramatically reduces MFA fatigue attacks.

One caution: before disabling old methods, review the user registration data carefully. Ripping methods out without a migration plan causes outages and support tickets, not security.

Phishing-resistant MFA is what actually breaks AiTM

This is where MFA finally catches up to the attack. Phishing-resistant methods include:

  • Windows Hello for Business
  • FIDO2 security keys
  • Passkeys (including iPhone and Android support)

These methods use device-bound cryptographic keys instead of shared secrets. Even if a user lands on a pixel-perfect fake login page:

  • The authentication cannot complete
  • The key will not sign a request for the wrong origin
  • Token replay fails

That single change breaks AiTM attacks entirely. The proxy has nothing to capture because the credential never leaves the device and never signs for the attacker's domain.

Roll it out in phases, starting where compromise hurts most:

  1. Global admins
  2. Executives
  3. Finance and other high-impact roles

Then expand outward to the rest of the organization.

What about token protection in Conditional Access?

Microsoft has introduced token protection controls in Conditional Access, included in Entra ID P1, designed to stop replay attacks. They are promising, but as of December 2025 they are:

  • Limited in scope
  • Windows-only
  • Restricted to mobile and desktop clients
  • Not effective against browser-based AiTM attacks

Token protection is worth piloting, but it is not a silver bullet yet. For a deeper breakdown, see Breaking Down Token Protection in Conditional Access.

The bar has moved

If your MFA strategy has not changed in the last few years, it is already behind. Attackers stopped trying to beat MFA prompts and started stealing what comes after them. Coverage everywhere, legacy methods retired, phishing-resistant credentials for the accounts that matter: that is the 2026 deployment.

Frequently asked questions

Is Microsoft Authenticator with number matching phishing-resistant?

No. Number matching reduces MFA fatigue attacks and is the minimum acceptable method, but in an AiTM scenario the user completes the prompt against the attacker's proxy and the session token is still stolen. Only device-bound methods like FIDO2 keys, passkeys, and Windows Hello for Business resist the proxy itself.

Do guest users need MFA too?

Yes. Guests often hold access to Teams, SharePoint, and sensitive documents, and a compromised partner account is a common entry point. Enforce MFA for guests, review external access regularly, and treat long-term partners differently than one-off invitees.

Can we just turn off SMS MFA tomorrow?

Not safely. Review the user registration data in Entra first and migrate users to stronger methods before disabling the old ones. Ripping out methods without a plan causes lockouts and a support ticket pile.

Does Conditional Access token protection stop AiTM phishing?

Not yet. As of December 2025 it is limited in scope, Windows-only, restricted to mobile and desktop clients, and ineffective against browser-based AiTM attacks. Pilot it, but do not count it as your defense.

Find the MFA gaps before an attacker does

CloudCapsule checks every tenant you manage for weak MFA methods, Conditional Access holes, and unprotected admin and guest accounts. 250+ controls, 60 seconds, mapped to CIS.

Run a free scan
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading