From 47ad96399f0ce59927f99a67ad417b17bb96c771 Mon Sep 17 00:00:00 2001 From: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Date: Thu, 20 Feb 2025 11:08:04 -0500 Subject: [PATCH 1/3] Updated AAD.3.3 --- PowerShell/ScubaGear/baselines/aad.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/PowerShell/ScubaGear/baselines/aad.md b/PowerShell/ScubaGear/baselines/aad.md index eb35d2cc4c..cf2791e17d 100644 --- a/PowerShell/ScubaGear/baselines/aad.md +++ b/PowerShell/ScubaGear/baselines/aad.md @@ -228,12 +228,12 @@ If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL - [T1110.002: Password Cracking](https://attack.mitre.org/techniques/T1110/002/) - [T1110.003: Password Spraying](https://attack.mitre.org/techniques/T1110/003/) -#### MS.AAD.3.3v1 -If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information. +#### MS.AAD.3.3v2 +If Microsoft Authenticator is enabled, it SHALL be configured to show login context information. -- _Rationale:_ This stopgap security policy helps protect the tenant when phishing-resistant MFA has not been enforced and Microsoft Authenticator is used. This policy helps improve the security of Microsoft Authenticator by showing user context information, which helps reduce MFA phishing compromises. -- _Last modified:_ June 2023 +- _Rationale:_ This policy helps protect the tenant when Microsoft Authenticator is used by showing user context information, which helps reduce MFA phishing compromises. +- _Last modified:_ February 2025 - _MITRE ATT&CK TTP Mapping:_ - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) - [T1110.001: Password Guessing](https://attack.mitre.org/techniques/T1110/001/) From 7ea4f47514c0dd0076eb2f0cb5b8e7d2814d57e1 Mon Sep 17 00:00:00 2001 
From: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Date: Thu, 20 Feb 2025 14:39:46 -0500 Subject: [PATCH 2/3] reverting AAD.3.3v2 -> v1 policy is materially the same --- PowerShell/ScubaGear/baselines/aad.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PowerShell/ScubaGear/baselines/aad.md b/PowerShell/ScubaGear/baselines/aad.md index cf2791e17d..75251cad40 100644 --- a/PowerShell/ScubaGear/baselines/aad.md +++ b/PowerShell/ScubaGear/baselines/aad.md @@ -228,7 +228,7 @@ If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL - [T1110.002: Password Cracking](https://attack.mitre.org/techniques/T1110/002/) - [T1110.003: Password Spraying](https://attack.mitre.org/techniques/T1110/003/) -#### MS.AAD.3.3v2 +#### MS.AAD.3.3v1 If Microsoft Authenticator is enabled, it SHALL be configured to show login context information. From 488fc85fa2c726726e0f4912c5f4e8f9398e4ba6 Mon Sep 17 00:00:00 2001 From: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Date: Thu, 27 Feb 2025 12:09:39 -0500 Subject: [PATCH 3/3] removed AAD.3.3v1 from Support.psm1 --- PowerShell/ScubaGear/Modules/Support/Support.psm1 | 1 - 1 file changed, 1 deletion(-) diff --git a/PowerShell/ScubaGear/Modules/Support/Support.psm1 b/PowerShell/ScubaGear/Modules/Support/Support.psm1 index 23a854b644..de01ee6b4f 100644 --- a/PowerShell/ScubaGear/Modules/Support/Support.psm1 +++ b/PowerShell/ScubaGear/Modules/Support/Support.psm1 @@ -861,7 +861,6 @@ function New-SCuBAConfig { "MS.AAD.2.3v1", "MS.AAD.3.1v1", "MS.AAD.3.2v1", - "MS.AAD.3.3v1", "MS.AAD.3.6v1", "MS.AAD.3.7v1", "MS.AAD.3.8v1"
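Review bot: In [PATCH 1/3], the rewritten `_Rationale:_` line in the aad.md hunk is ambiguous and uses a different term from the policy statement above it. "when Microsoft Authenticator is used by showing user context information" can be read as Authenticator being used by showing information, and the requirement says "login context information" while the rationale says "user context information". Suggest wording along the lines of: "Showing login context information in Microsoft Authenticator notifications helps reduce MFA phishing compromises." Also note that the heading becomes MS.AAD.3.3v2 here while the diffstat lists only aad.md, so nothing else that refers to the identifier is updated by this patch.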
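Review bot: In [PATCH 2/3], restoring the `#### MS.AAD.3.3v1` heading puts the original identifier on a requirement whose condition changed in [PATCH 1/3]. That patch removed the clause "If phishing-resistant MFA has not been enforced and", so the SHALL now applies whenever Microsoft Authenticator is enabled, including in tenants that already enforce phishing-resistant MFA. The subject line says the policy is materially the same; please record in the commit message or in the baseline why dropping that precondition does not need a new version suffix, since a result reported under v1 before this series and one reported after it are evaluated against different conditions. If v1 is kept, consider squashing this change into 1/3 so the history does not carry an intermediate v2 heading.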
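Review bot: In [PATCH 3/3], the removal of "MS.AAD.3.3v1" from the list inside `New-SCuBAConfig` comes with no stated reason. The subject line only restates the change, and the hunk context does not show which variable the list is assigned to or what the list is used for, so a reader cannot tell from the patch why this policy no longer belongs there. Please add a sentence to the commit message explaining the removal; if it follows from the precondition dropped in 1/3, say so explicitly. It would also help to confirm that whatever consumes this list (generated sample configuration, tests, documentation) no longer expects an entry for MS.AAD.3.3v1.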