Change Your Microsoft Sign-in Page to Avoid Man-in-the-middle Attacks
Man-in-the-middle attacks are cyberattacks in which a hacker can steal sensitive information by intercepting communication between a user and a legitimate service.
Basically, an attacker makes you believe you are connected to a legitimate website, but you are actually communicating with and sending data to the attacker.
The attacker can redirect you to a fake website that mimics a legitimate one, and this is how they steal login credentials or financial information. Phishing attacks are one of the most common entry points for man-in-the-middle attacks.
To combat these attacks, Microsoft allows organizations to customize their sign-in page with their logo and company name.
Microsoft accounts, specifically, are among the most frequently targeted because they are so common among businesses and usually provide access to sensitive company data.
Even if attackers can’t access any company data through one account, they can mount further attacks using the compromised account to spray more fake logins to other contacts.
With a unique login page, your employees will know to log in only if they see their company’s branding on the Microsoft sign-in page.
What Does a Branded Sign-in Page Look Like?
There are up to 15 elements that can be customized to fit with your organization’s brand.
While we don’t change all 15 elements for our clients, there are five we modify to differentiate from fake websites.
- Favicon
- Background image
- Banner logo
- Sign-in page title
- Right-aligned sign-in form
Because it would be easy enough for an attacker to duplicate a branded page, we ask our clients to always check the URL before logging in. If it looks fake or contains spelling errors, they are advised not to log in.
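The URL check described above can also be automated, for example in a mail filter or a browser extension. The following JavaScript is an added example, not part of the original article or any Microsoft tooling; the allowlisted hosts, function names and sample URLs are assumptions constructed for illustration.

```javascript
// Added example: classify a sign-in URL before any credentials are typed.
// ASSUMPTION: this allowlist is illustrative; confirm the hosts your tenant uses.
const TRUSTED_SIGNIN_HOSTS = ["login.microsoftonline.com", "login.live.com"];

// Levenshtein edit distance, used to flag hosts that are a near-miss spelling.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "trusted", "lookalike" or "untrusted" for a URL string.
function classifySignInUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // real parser: never match on the raw string
  } catch {
    return "untrusted"; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return "untrusted";
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Only an exact hostname match is trusted.
  if (TRUSTED_SIGNIN_HOSTS.includes(host)) return "trusted";
  // Not an exact match but resembling a trusted host: the misspelled or
  // padded address the article tells users to watch for.
  const resembles = TRUSTED_SIGNIN_HOSTS.some(
    (t) => host.includes(t) || editDistance(host, t) <= 2
  );
  return resembles ? "lookalike" : "untrusted";
}

// Constructed sample URLs (not taken from the article).
const samples = [
  "https://login.microsoftonline.com/common/",
  "https://login.micros0ftonline.com/common/",
  "https://login.microsoftonline.com.signin.example/",
  "http://login.microsoftonline.com/common/",
];
for (const s of samples) console.log(classifySignInUrl(s).padEnd(10), s);
```

A "lookalike" result is the one worth alerting on, since it indicates an address built to resemble the real sign-in host rather than an unrelated site.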
How Do I Brand My Sign-in Page?
It’s important to note that while you can brand your own sign-in page, we do it for our clients and are happy to configure it for new clients.
Before you begin, there are a few prerequisites you must meet. Adding custom branding requires one of the following Microsoft licenses:
- Microsoft Entra ID P1 or P2 (Note: P1 is included with Microsoft 365 Business Premium)
- Microsoft 365 Business Standard
- SharePoint (Plan 1)
Next, you’ll need to sign in to the Microsoft Entra admin center as an Organizational Branding Administrator or higher.
Click “Identity” in the top-left corner, select “User experiences” and click “Company branding.” Here, you can customize the 15 elements to personalize your organization’s sign-in page.
Want to Brand Your Microsoft 365 Sign-in Page?
Protect your organization from unauthorized access due to stolen credentials. If you need help or want more information on customizing your Microsoft login page, contact us here.