Office365 Security: Local Active Directory Expires Attribute does not disable Office365 Account
Jon Prange, Director of Managed Services | September 21, 2018
During some recent testing, we discovered that the local Active Directory attribute AccountExpires does not properly synchronize with Azure Active Directory (AAD), which is used with Office365. Many organizations use this attribute (AccountExpires) to set a future expiration date on an account, both as part of their termination policy for upcoming terminations and for contractors and consultants.
Some organizations use Active Directory Federation Services (ADFS) to authenticate users, meaning that the user's sign-in is authenticated against the local directory. In that case an expired account prevents the user from using local resources (logging into computers, VPN connections into the network, etc.) as well as Office365 services (Exchange, SharePoint, Skype). Other organizations rely on Azure Active Directory to authenticate users; there, the expiration does stop the user from using local resources, but it does not prevent the user from signing into Office365 and using those services.
The only way to prevent the user from signing into Office365 in this scenario is through one of two methods:
- Disable the local account, which will then be synchronized to Azure Active Directory using Azure AD Connect
- Edit the Sign In Status in the Office365 Console and change it to blocked
This has been reported to Microsoft as a big security flaw since it would allow users that an organization expects to be prevented from accessing resources to still access all of the Office365 services.
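One way to find the accounts exposed in the Azure AD-authenticated scenario and apply the first method above, as an added example that is not part of the original post. The function name `Get-ExpiredButEnabled` and the sample accounts are hypothetical; the commented live-directory lines assume the ActiveDirectory RSAT module is installed.

```powershell
# Added example: flag accounts whose AccountExpires date has passed but which
# are still Enabled, i.e. accounts that are expired on-premises only.
function Get-ExpiredButEnabled {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [datetime]$AsOf = (Get-Date)
    )
    process {
        # AccountExpirationDate is $null when the account never expires.
        if ($User.Enabled -and
            $null -ne $User.AccountExpirationDate -and
            $User.AccountExpirationDate -le $AsOf) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                ExpiredOn      = $User.AccountExpirationDate
                DaysPastExpiry = [int][math]::Floor(($AsOf - $User.AccountExpirationDate).TotalDays)
            }
        }
    }
}

# Constructed sample records (not real accounts) so the filter runs offline.
$asOf = [datetime]'2018-09-21'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'contractor1'; Enabled = $true;  AccountExpirationDate = [datetime]'2018-08-31' }
    [pscustomobject]@{ SamAccountName = 'contractor2'; Enabled = $false; AccountExpirationDate = [datetime]'2018-08-31' }
    [pscustomobject]@{ SamAccountName = 'employee1';   Enabled = $true;  AccountExpirationDate = $null }
    [pscustomobject]@{ SamAccountName = 'consultant1'; Enabled = $true;  AccountExpirationDate = [datetime]'2018-12-31' }
)
$sample | Get-ExpiredButEnabled -AsOf $asOf | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Import-Module ActiveDirectory
# Get-ADUser -Filter 'Enabled -eq $true' -Properties AccountExpirationDate |
#     Get-ExpiredButEnabled |
#     ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }
```

With `-WhatIf` the last command only previews which accounts would be disabled; once it is removed, the disabled state is what Azure AD Connect synchronizes to Azure Active Directory.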