
Clone Intervention Screen [CHK-1102/CHK-1103]

The Clone Intervention Screen is a feature that displays a warning to users when they visit a malicious copy of the Microsoft login page, protecting them against AiTM (Adversary-in-The-Middle) phishing attacks.

Rationale

AiTM attacks involve creating fake login pages that mirror legitimate Microsoft 365 login pages. These attacks can bypass traditional security measures such as multi-factor authentication, making them particularly dangerous.

Fix

An automated fix is available through Attic. This fix does not depend on permissions in your Microsoft environment as the configuration is fully managed within the Attic system. It will be offered regardless of your onboarding type in the Microsoft environment.

To fix it yourself, retrieve the DSCM URL from the config and follow these steps:

This guide explains how to add the DSCM link to your Microsoft environment's configuration. You will do this by uploading a specific CSS file within the Company Branding settings in the Azure/Entra ID Portal.

Step 1: Create the CSS File

First, you need to create a small text file containing the styling code.

  1. Open a text editor (like Notepad on Windows or TextEdit on Mac).

  2. Copy and paste the following code exactly as shown:

     
     .ext-sign-in-box
     {
       background: white url('<DSCM LINK FROM YOUR CONFIG>') center no-repeat;
     }

  3. Save the file as attic-branding.css.


Step 2: Access Microsoft Company Branding

  1. Open your browser and go directly to the Company Branding page in the Azure Portal.

  2. Log in with your Global Administrator (Tenant Administrator) account.

  3. Select the action that applies to your current setup:

    • If no branding exists: Click the Customize button.

    • If branding already exists: Click the Edit button under the Default sign-in tab.


Step 3: Upload the CSS File

  1. In the configuration menu, click on the Layout tab.

  2. Locate the Custom CSS option.

  3. Click the folder icon (Browse) and select the attic-branding.css file you created in Step 1.

  4. Click the Review + save button at the bottom of the page to finalize the changes.

Next, inform your operator to enable intervention.
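
A pre-upload check for the file created in Step 1, added here as an example and not part of Attic's guide or tooling: it confirms that the .ext-sign-in-box rule carries exactly one HTTPS link and that the placeholder was replaced with the DSCM link from your config. The function name and the dscm.example link are constructed for illustration.

```python
import re
from urllib.parse import urlparse

SELECTOR = ".ext-sign-in-box"  # selector from the Step 1 snippet


def check_branding_css(css_text, expected_url):
    """Return a list of problems in the Step 1 CSS; an empty list means OK.

    expected_url is the DSCM link from your config (passed in by the caller).
    """
    # Drop CSS comments so a commented-out rule is not mistaken for a live one.
    css = re.sub(r"/\*.*?\*/", "", css_text, flags=re.S)
    rule = re.search(re.escape(SELECTOR) + r"\s*\{([^}]*)\}", css)
    if not rule:
        return [f"no {SELECTOR} rule found"]
    urls = re.findall(r"url\(\s*(['\"]?)(.*?)\1\s*\)", rule.group(1))
    if len(urls) != 1:
        return [f"expected exactly one url() in {SELECTOR}, found {len(urls)}"]
    url = urls[0][1].strip()
    if "<" in url or ">" in url:
        return ["placeholder was not replaced with the DSCM link"]
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("link is not https")
    if url != expected_url:
        problems.append("link differs from the DSCM link in the config")
    return problems


if __name__ == "__main__":
    # Constructed sample values; dscm.example is not a real DSCM endpoint.
    link = "https://dscm.example/constructed-token"
    template = ".ext-sign-in-box\n{\nbackground: white url('%s') center no-repeat;\n}\n"
    for label, css in [
        ("correct file", template % link),
        ("placeholder left in", template % "<DSCM LINK FROM YOUR CONFIG>"),
        ("plain http link", template % link.replace("https", "http")),
    ]:
        print(label, "->", check_branding_css(css, link) or "OK")
```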

Impact

  • Users will see a visual warning when they visit malicious clone pages.
  • No impact on legitimate Microsoft login pages.
