When two-factor authentication is enabled for a mailbox user, the 2FA requirement can be bypassed for some services. This happens sometimes with security reports about Exchange-related issues, so to try and clarify I will summarize their conclusion as follows: The report is interesting, if a little difficult to read due to mixed terminology. For the most of this article I’m just going to refer to Exchange in general, and will only specify Exchange Server (on-premises) or Exchange Online (Office 365) when needed for clarity. This week an information security company published their findings that Exchange Server and Exchange Online (Office 365) do not enforce two-factor authentication (2FA) for Exchange Web Services. Please read the updated notes at the end of this post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |