How to secure LastPass if an Azure AD federated user's M365 account is breached

We have federated our users' LastPass accounts to Azure AD. If a user's Azure AD account is breached, does this make their LastPass account vulnerable to breach, and how should we mitigate this? My thoughts are:

  • Federated accounts can't be accessed via the web client, so I think an attacker would need to access the user's devices in order to access their LP account.
  • We have MFA enabled on all Azure AD accounts, so an attacker would need to get past that in order to access the user's LastPass account.

Is there anything else we should do to ensure the security of users' LastPass accounts if their Azure AD account is breached? Thanks.

