C_the_S
Dec 18, 2017 (Bronze Contributor)
Security Issue
We had an employee whose account we set to expire on November 30th. Today, we find that they were still able to access their email via their personal Windows phone. I did an Audit Log search and...
VasilMichev
Dec 18, 2017 (MVP)
What does "expire" mean in your case? If the account is still existing/active, depending on the type of application used you can continue to access data for days. We have the option to revoke tokens now, so you can integrate this as part of your "leavers" process, as well as blocking all protocols and additional actions such as changing the password, which have a more immediate effect.
C_the_S
Dec 18, 2017 (Bronze Contributor)
In Active Directory you can set an account to expire on a specified date and time.
- VasilMichev, Dec 18, 2017 (MVP)
Right. And what are you using for authentication? Last time I toyed with this, only federated accounts had their tokens revoked upon account expiration/disable. But as I mentioned, you can also manually revoke tokens now, either via the O365 admin portal or via Revoke-AzureADUserAllRefreshToken.
- C_the_S, Dec 18, 2017 (Bronze Contributor)
We use Okta.
Ok, we'll add those steps to our offboarding process.
Thanks!
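
The leaver steps discussed in this thread (revoking refresh tokens and blocking mailbox protocols), as an added example that is not part of the original posts. The function name `Invoke-LeaverLockdown` and the sample UPN are hypothetical, and the code assumes `Connect-AzureAD` and an Exchange Online PowerShell session are already established.

```powershell
# Added example: hypothetical helper, not code from the thread.
# Assumes an existing Connect-AzureAD session and an Exchange Online session.
function Invoke-LeaverLockdown {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName   # e.g. leaver@contoso.example (constructed value)
    )

    # Resolve the user first so a typo fails before anything is changed.
    $user   = Get-AzureADUser -ObjectId $UserPrincipalName -ErrorAction Stop
    $before = $user.RefreshTokensValidFromDateTime

    # Step 1: invalidate every refresh token already issued to this user.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke all refresh tokens')) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    }

    # Step 2: block the mailbox access protocols (ActiveSync covers the phone case).
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Disable mailbox protocols')) {
        Set-CASMailbox -Identity $UserPrincipalName `
            -ActiveSyncEnabled $false -OWAEnabled $false -EwsEnabled $false `
            -MAPIEnabled $false -PopEnabled $false -ImapEnabled $false
    }

    # Step 3: read the state back instead of trusting that the calls worked.
    $after = (Get-AzureADUser -ObjectId $user.ObjectId).RefreshTokensValidFromDateTime
    $cas   = Get-CASMailbox -Identity $UserPrincipalName
    $stillEnabled = 'ActiveSyncEnabled', 'OWAEnabled', 'EwsEnabled',
                    'MAPIEnabled', 'PopEnabled', 'ImapEnabled' |
        Where-Object { $cas.$_ -ne $false }

    # One record per leaver, suitable for attaching to the offboarding ticket.
    [pscustomobject]@{
        UserPrincipalName     = $UserPrincipalName
        TokensRevoked         = ($after -gt $before)
        TokensValidFrom       = $after
        ProtocolsStillEnabled = ($stillEnabled -join ',')
    }
}
```

Running it with `-WhatIf` first shows which account would be touched without changing anything; in that mode `TokensRevoked` reports `False` and the protocol list reflects the current settings.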