Configure → Drift → Breach → Repeat: The Cycle of Cybersecurity Control Configuration Risk
Get the report
n April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability. They didn't bypass any of the security controls Microsoft has built into Teams. They used the controls as configured.
Conditional Access contains simple yet powerful sign-on attributes that can be tailored to your business with a risk-based approach. Whether you're undergoing security tool consolidation efforts or embarking on an IAM hardening project, consider starting with a series of tailored sign-on policies that address risk where most breaches start.
This growing issue not only increases an organization’s exposure to potential cyberattacks but also wastes money and time spent by security analysts chasing down alerts that could have been stopped upstream. By understanding the implications of security debt and implementing strategies for security hardening, organizations of all sizes can minimize risk and maximize their return on investment.
To join the community of customers enjoying the benefits of Reach and learn more about how it can transform your security posture, visit:
