Office365 Security: Local Active Directory Expires Attribute does not disable Office365 Account

Jon Prange, Director of Managed Services | September 21, 2018

During some recent testing, we discovered that the on-premises Active Directory attribute AccountExpires does not synchronize to Azure Active Directory (AAD), the directory behind Office365. Many organizations set AccountExpires to a future date as part of their termination policy, both for planned departures and for contractors and consultants.

Some organizations use Active Directory Federation Services (ADFS) to authenticate users. Because every sign-in is validated against the local directory, an expired account is blocked from local resources (logging into computers, VPN connections into the network, etc.) and from Office365 services (Exchange, SharePoint, Skype) alike. Other organizations rely on Azure Active Directory to authenticate users; there, account expiration still blocks the user from local resources, but it does not prevent the user from signing into Office365 and using those services.

In this scenario, the only way to prevent the user from signing into Office365 is one of two methods:

  1. Disable the local account, which Azure AD Connect then synchronizes to Azure Active Directory as disabled
  2. Edit the Sign In Status for the user in the Office365 console and change it to blocked

This has been reported to Microsoft as a big security flaw, since it allows users that an organization expects to be cut off from its resources to continue accessing all of the Office365 services.
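A scheduled check that closes the gap described above, written for this page as an added example (not the post's own code or a Microsoft tool): it reports on-premises accounts whose AccountExpires date has passed but that are still enabled, then applies method 1 and, optionally, method 2. It assumes the RSAT ActiveDirectory module and, for the -BlockCloudSignIn switch, the MSOnline module with an existing Connect-MsolService session; the switch names are this example's own.

```powershell
# Added example, not from the original post. Finds on-prem AD user accounts
# whose AccountExpires date has passed but that are still enabled, and closes
# the gap using the two methods the post lists.
# Assumes: RSAT ActiveDirectory module on the host; for -BlockCloudSignIn, the
# MSOnline module with an existing Connect-MsolService session. The switch
# names below are this example's own.
param(
    [switch]$ReportOnly,       # list affected accounts, change nothing
    [switch]$BlockCloudSignIn  # also block Office365 sign-in immediately
)
Import-Module ActiveDirectory

# Search-ADAccount -AccountExpired handles the "never expires" sentinel values
# of accountExpires (0 and Int64.MaxValue) itself, so no manual FILETIME math.
# Disabled accounts already sync to Azure AD as disabled, so only accounts that
# are expired AND still enabled represent the exposure.
$exposed = Search-ADAccount -AccountExpired -UsersOnly |
    Where-Object { $_.Enabled }

foreach ($acct in $exposed) {
    Write-Warning ("{0} ({1}) expired on {2:yyyy-MM-dd} but is still enabled" -f
        $acct.SamAccountName, $acct.UserPrincipalName, $acct.AccountExpirationDate)
    if ($ReportOnly) { continue }

    # Method 1: disable the local account. Azure AD Connect carries the
    # disabled state to Azure AD on its next sync cycle (delta sync runs every
    # 30 minutes by default; Start-ADSyncSyncCycle -PolicyType Delta on the
    # AAD Connect server forces one sooner).
    Disable-ADAccount -Identity $acct.DistinguishedName

    # Method 2: block the cloud sign-in directly so the account is cut off
    # without waiting for the sync. This is the same setting as "Sign in
    # status: blocked" in the Office365 admin console.
    if ($BlockCloudSignIn -and $acct.UserPrincipalName) {
        Set-MsolUser -UserPrincipalName $acct.UserPrincipalName -BlockCredential $true
    }
}

# Return the affected accounts so the result can be logged or piped onward.
$exposed | Select-Object SamAccountName, UserPrincipalName, AccountExpirationDate
```

Run it with -ReportOnly first to confirm the list matches what HR and the helpdesk expect before letting it disable anything.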


If you have any questions regarding this, simply contact our team via our web form and we'll set up a call to discuss.
