Reporting MFA-Enabled Accounts

When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.

Advertisements

Office 365 Privileged Access Management: Too Flawed and Too Exchange?

Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?

Any Authenticated Users Permission Now Generally Available

Azure Information Protection rights management templates now support the Any Authenticated Users permission to allow Office 365 users to share email and documents with anyone who can authenticate with Azure Active Directory or has an MSA account or uses a federated service.

What that BOXServiceAccount Does in Office 365

Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.