Take note that, since password sync is automatically enabled by Microsoft in certain cases, our password sync guidelines will include AdSelfService Plus management tool, which is one of the previously mentioned third-party programs that can be used to manage Microsoft Office 365 accounts. Below, you will find the guidelines for both actions. Therefore, companies and their IT departments (or their third-party partners) should definitely look into this potential security issue before ultimately migrating their email services to cloud.ĭepending on your preferences, you can choose to either enable or disable the Office 365 password sync. Also, CISA says that if the Azure AD Office 365 password sync is carefully planned and configured before organizations migrate users, the risk can be mitigated. It should be noted that in October 2018, Microsoft displayed the capability to match certain accounts. Imagine the on-premises identity getting compromised: The hacker would automatically move into the cloud environment once the Office 365 password is synced. This is where the automatically enabled password sync might become troublesome. If the identities are matched, the on-premises identity becomes the authoritative identity. Azure AD identities can be created beforehand or “on-premises.” When on-premises environments are integrated with Azure AD via Azure AD Connect, it is possible to match an AD identity created beforehand with on-premises AD identity. The Office 365 Password Sync issue is closely related to the Azure AD identities.
0 Comments
Leave a Reply. |