prevent storing O365 account credentials in W10

%3CLINGO-SUB%20id%3D%22lingo-sub-991175%22%20slang%3D%22en-US%22%3Eprevent%20storing%20O365%20account%20credentials%20in%20W10%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-991175%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20a%20user%20opens%20a%20Document%2C%20he%20gets%20the%20option%20offered%20to%20store%20the%20credentials%20in%20W10%20(to%20be%20created%20under%20'settings-accounts-access%20work%20or%20school').%20I%20have%20attached%20the%20userinput%20request%20window%20as%20attachement%20(sorry%2C%20in%20Dutch%2C%20but%20the%20window%20is%20recognisable).%3CBR%20%2F%3EWe%20have%20found%20that%20inspite%20of%20using%20MFA%20for%20loggin%20in%20to%20the%20portal%2C%20accepting%20this%20offer%20releases%20the%20user%20from%20ever%20being%20asked%20for%20a%20MFA%20again%20when%20opening%20local%20APPS%20like%20Word%20and%20accessing%20Sharepoint%20based%20documents.%3CBR%20%2F%3EIs%20there%20a%20way%20to%20prevent%20the%20user%20from%20being%20asked%20to%20store%20the%20credentials%20in%20W10%20from%20Office365%3F%20I%20do%20not%20have%20any%20management%20access%20to%20the%20users%20device.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-991175%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-999873%22%20slang%3D%22en-US%22%3ERe%3A%20prevent%20storing%20O365%20account%20credentials%20in%20W10%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-999873%22%20slang%3D%22en-US%22%3E%3CP%3EThat's%20not%20%22credential%20storing%22%2C%20but%20the%20new%20Web%20Account%20Manager%20feature.%20It%20actually%20is%20considered%20as%20form%20of%20MFA%2C%20thus%20you%20don't%20see%20any%20consequent%20prompts.%20Read%20here%20for%20more%20info%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fconcept-primary-refresh-token%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fconcept-primary-refresh-token%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

When a user opens a Document, he gets the option offered to store the credentials in W10 (to be created under 'settings-accounts-access work or school'). I have attached the userinput request window as attachement (sorry, in Dutch, but the window is recognisable).
We have found that inspite of using MFA for loggin in to the portal, accepting this offer releases the user from ever being asked for a MFA again when opening local APPS like Word and accessing Sharepoint based documents.
Is there a way to prevent the user from being asked to store the credentials in W10 from Office365? I do not have any management access to the users device.

1 Reply
Highlighted

That's not "credential storing", but the new Web Account Manager feature. It actually is considered as form of MFA, thus you don't see any consequent prompts. Read here for more info: https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token