There are multiple ways that attackers can BYPASS existing MFA controls once they have a foothold in the internal corporate network.

1- Non Interactive Logon. Authentication to resources using SMB, PSExec and other windows native bypasses many MFA controls.
2-Degrading Authentication Protocols. Once an attacker is able to degrade the default KERBEROS authentication to NTLM then MFA bypass becomes an easy thing.

Recommended Solution.
Integrating with your current MFA providers as contained in the attached image, CrowdStrike Falcon Zero Trust (Formerly Preempt security) is able to protect in (REAL TIME and without FRICTION to your users ) against the above MFA bypass methods and many more.

Contact us at info@smsam.net if interested in a demo or an evaluation of the solution.