Forum Discussion
Popup Window: Stay signed in to all your apps
Hi, This post is maybe not the right place for the discussion, but feel free to place it in the right discussion board. The issue came to light when using Teams though. When using Microsoft a...
This is already known. I already mentioned the registry key in my initial post. See second link where this register key is mentioned.
The goal of this post was to prevent other systems who are not part of an organization or enterprise. For example, home computers, shared computers, or even worse public computers where you don’t have control of as an organization/enterprise.
I still see this “popup” as a potential security risk, because when people login to check their account temporarily on a system which is not their own personal system, then know the potential risks.
I will describe a scenario. User logs in on a friend’s computer system with Teams. User ignores the popup and press ok. User log offs. The owner of that system opens Teams and still see that his friend previous has logged in. When he would click on this account, he would be able to login without any password asked. This is an example of many ways it can occur.
Even though the user reads the popup, it is so unclear what is mentioned there that people would still press ok without understanding it. IT person would understand it, but a normal user often doesn’t.
This popup should not default join your account to the computer. The default should be an extra check box with an option to join and not the other way around.
Hope this helps the understanding of the security risk that exist with this very annoying popup.
The goal of this post was to prevent other systems who are not part of an organization or enterprise. For example, home computers, shared computers, or even worse public computers where you don’t have control of as an organization/enterprise.
I still see this “popup” as a potential security risk, because when people login to check their account temporarily on a system which is not their own personal system, then know the potential risks.
I will describe a scenario. User logs in on a friend’s computer system with Teams. User ignores the popup and press ok. User log offs. The owner of that system opens Teams and still see that his friend previous has logged in. When he would click on this account, he would be able to login without any password asked. This is an example of many ways it can occur.
Even though the user reads the popup, it is so unclear what is mentioned there that people would still press ok without understanding it. IT person would understand it, but a normal user often doesn’t.
This popup should not default join your account to the computer. The default should be an extra check box with an option to join and not the other way around.
Hope this helps the understanding of the security risk that exist with this very annoying popup.
SekoBayo
We are having exactly the samen issue when connecting to AvD using the remote desktop client.
The security issue that we see is as follows
1) A user (A) tries to connect to AvD on a PC that is not managed throght Intune.
2) the user (A) logs in AD and chose directly (OK) when getting the pop up.
3) From that moment the user (A) creds are saved on the PC.
4) Lets say another user (B) uses the same PC and browse to (for example) to office.com then are the data of user (A) exposed. That is a big data leak.
Just like you say Microsoft should change this to a default that wil not add the PC to Azure AD and also do not save the users creds op de PC.
(In our case we are using MFA also and that wil work against the data leak sitiuation)
We are having exactly the samen issue when connecting to AvD using the remote desktop client.
The security issue that we see is as follows
1) A user (A) tries to connect to AvD on a PC that is not managed throght Intune.
2) the user (A) logs in AD and chose directly (OK) when getting the pop up.
3) From that moment the user (A) creds are saved on the PC.
4) Lets say another user (B) uses the same PC and browse to (for example) to office.com then are the data of user (A) exposed. That is a big data leak.
Just like you say Microsoft should change this to a default that wil not add the PC to Azure AD and also do not save the users creds op de PC.
(In our case we are using MFA also and that wil work against the data leak sitiuation)