The Attacker in the Middle detection will be Generally Available for users in Microsoft Entra ID Protection.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-August 2024 and expect to complete by late August 2024.
[How this will affect your organization:]
This high-precision detection will be triggered on a user account that has been compromised by an adversary who has intercepted the user’s credentials, including tokens issued to the user. The risk is identified through Microsoft 365 Defender and will elevate the user to high risk, triggering the configured Conditional Access policy.
[What you need to do to prepare:]
Learn more: What are risks in Microsoft Entra ID Protection – Microsoft Entra ID Protection | Microsoft Learn
This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.
Source: Microsoft