Disable autologon to all MS 365 services at once
If someone logs in to any Office 365 service in a browser, this person gets connected to ALL MS 365 services :
- Word, Excel, OneNote etc
- Microsoft 365 admin portal
This is a great security risk.
A user goes on a shared computer in a hotel.
Logs into outlook.com using his credentials to check corporate emails.
Phone rings, dad died, runs away from the computer.
Next person sits at the same computer: not only does he have access to Outlook, he only needs to go on any other MS 365 services webpage listed above and will get logged in, no questions asked. I would go to Office.com so that from there I can conveniently get all the links to all these services in one place.
Example 2 :
User connects to a client's computer with remote desktop through a shared account that the client created for us.
User needs to transfer files from his OneDrive to this server, logs into OneDrive using his credentials
Client comes up to the computer pjhysically and logs in with the same credentials, user's remote desktop connection gets gets kicked out.
Client now has access to ALL MS 365. All communications, files, everything. I would go to Office.com so that from there I can conveniently get all the links to all these services in one place.
Another user from our company logs on the same computer, using the same shared account. Guess what, he can now go see what was the first user's salary negotiation like.
I understand that security holes is the price to pay for convenience but the rest of us need security!!
Thank you for considering this matter!