On March 15th, 2023, Microsoft released a new feature that enables organizations with a paid subscription to Microsoft 365 for business, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services to add company branding to their Microsoft 365 sign-in page via Azure Active Directory.
This update is often recommended to improve both user experience and security by providing assurance that the individual is logging in via the legitimate page for their company.
However, in July 2023, Egress Threat Intelligence analysts uncovered evidence that malicious actors are now using this customization in credential-harvesting phishing attacks to improve credibility and increase the likelihood that the target will fall victim.