In response to the attempts of malicious actors to access/collect protected data via abuse of federated authentication environments, the NSA has issued an advisory entitled “Detecting Abuse in Authentication Mechanisms“. The advisory details two sets of known TTPs (tactics, techniques & procedures) that malicious actors are using to gain access to networks and cloud resources, including email. The advisory includes mitigation steps to defend against these TTPs.