Office365 Security: Local Active Directory Expires Attribute does not disable Office365 Account

Jon Prange, Director of Managed Services | September 21, 2018

During some recent testing, we discovered that the local Active Directory attribute AccountExpires does not properly synchronize to Azure Active Directory (AAD), the directory behind Office365. Many organizations rely on AccountExpires to set a future expiration date on an account, both as part of their termination policy for planned departures and for contractors and consultants.

Organizations that use Active Directory Federation Services (ADFS) authenticate users against the local directory, so an expired account is prevented from using local resources (logging into computers, VPN connections into the network, etc.) as well as Office365 services (Exchange, SharePoint, Skype). Organizations that rely on Azure Active Directory to authenticate users get a different result: the expiry still blocks the user from local resources, but it does not prevent the user from signing into Office365 and using those services.

In this scenario, the only way to prevent the user from signing into Office365 is one of two methods:

  1. Disable the local account; the disabled state is then synchronized to Azure Active Directory by Azure AD Connect
  2. Edit the Sign In Status for the user in the Office365 console and change it to Blocked

This has been reported to Microsoft as a big security flaw, since it allows users that an organization expects to be blocked from its resources to continue accessing all of the Office365 services.

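As an added example (not from the original post or from Microsoft), the following PowerShell audit lists on-premises users whose AccountExpires date has passed but whose account is still enabled, which is exactly the population that can still sign into Office365 when authentication happens in Azure AD, and can apply either of the two remediations above. It assumes the RSAT ActiveDirectory module, the AzureAD module with an existing Connect-AzureAD session for the cloud block, and a placeholder OU path.

```powershell
# Added example: find AD users that are expired but still enabled, and
# optionally remediate using the two methods described in the post.
# Assumes the ActiveDirectory (RSAT) module; the AzureAD module is only
# needed for -BlockInCloud. Run with -WhatIf to report without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = "OU=Contractors,DC=corp,DC=example",  # placeholder OU, adjust for your domain
    [switch]$DisableLocally,   # Method 1: disable in AD, AAD Connect syncs the change
    [switch]$BlockInCloud      # Method 2: set Sign In Status to Blocked in Azure AD
)

Import-Module ActiveDirectory

# Search-ADAccount -AccountExpired returns accounts whose expiry date is in the past.
# Expiry alone is not synced to Azure AD, so only the Enabled flag matters in the cloud.
$expiredButEnabled = Search-ADAccount -AccountExpired -UsersOnly -SearchBase $SearchBase |
    Where-Object { $_.Enabled }

foreach ($user in $expiredButEnabled) {
    # Report each account that is still able to sign into Office365.
    [PSCustomObject]@{
        SamAccountName = $user.SamAccountName
        UPN            = $user.UserPrincipalName
        ExpiredOn      = $user.AccountExpirationDate
        Enabled        = $user.Enabled
    }

    if ($DisableLocally -and $PSCmdlet.ShouldProcess($user.SamAccountName, "Disable-ADAccount")) {
        # AAD Connect propagates the disabled state on its next sync cycle
        # (delta sync runs every 30 minutes by default).
        Disable-ADAccount -Identity $user.DistinguishedName
    }

    if ($BlockInCloud -and $PSCmdlet.ShouldProcess($user.UserPrincipalName, "Block cloud sign-in")) {
        # Same effect as setting Sign In Status to Blocked in the Office365 console;
        # takes effect immediately rather than waiting for a sync cycle.
        Set-AzureADUser -ObjectId $user.UserPrincipalName -AccountEnabled $false
    }
}
```

Schedule the report-only form to catch accounts whose expiry date passes without anyone disabling them, since the expiry itself never reaches Azure AD.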
If you have any questions regarding this, simply contact our team via our web form and we’ll set up a call to discuss.
