Forum Discussion
Security Issue
What does "expire" mean in your case? If the account is still existing/active, depending on the type of application used you can continue to access data for days. We have the option to revoke tokens now, so you can integrate this as part of your "leavers" process. As well as block all protocols and additional actions such as changing the password, which have more immediate effect.
- C_the_S, Dec 18, 2017, Bronze Contributor
In Active Directory you can set an account to expire on a specified date and time.
- VasilMichev, Dec 18, 2017, MVP
Right. And what are you using for authentication? Last time I toyed with this, only federated accounts had their tokens revoked upon account expiration/disable. But as I mentioned, you can also manually revoke tokens now, either via the O365 admin portal or via Revoke-AzureADUserAllRefreshToken.
- C_the_S, Dec 18, 2017, Bronze Contributor
We use Okta.
Ok, we'll add those steps to our offboarding process.
Thanks!
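
The leaver steps mentioned in this thread (revoke tokens, block protocols, change the password), sketched as one PowerShell function. This is an added example, not code posted by any participant. The function name and the sample UPN are hypothetical, and it assumes the AzureAD module and an Exchange Online session are already connected and that the account is cloud-managed; for directory-synced or federated accounts the disable and password change are made at the source directory or identity provider instead.

```powershell
# Added example: assumes Connect-AzureAD and an Exchange Online session already exist.
function Invoke-LeaverLockdown {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UserPrincipalName   # e.g. leaver@example.com (constructed sample)
    )
    process {
        $result = [ordered]@{ User = $UserPrincipalName; Disabled = $false; PasswordReset = $false
                              ProtocolsBlocked = $false; TokensRevoked = $false; Errors = @() }
        if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Lock down leaver account')) { return }

        try { $user = Get-AzureADUser -ObjectId $UserPrincipalName -ErrorAction Stop }
        catch { $result.Errors += "lookup: $_"; return [pscustomobject]$result }

        # Tokens are revoked last, after sign-in is blocked and the credential is
        # changed, so no new refresh token can be issued after the revocation.
        $steps = [ordered]@{
            Disabled = {
                Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false -ErrorAction Stop
            }
            PasswordReset = {
                # Random throwaway password; it is never shown or stored.
                $bytes = New-Object byte[] 32
                [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
                $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
                Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $secret -ErrorAction Stop
            }
            ProtocolsBlocked = {
                Set-CASMailbox -Identity $UserPrincipalName -ActiveSyncEnabled $false `
                    -OWAEnabled $false -PopEnabled $false -ImapEnabled $false `
                    -MAPIEnabled $false -EwsEnabled $false -ErrorAction Stop
            }
            TokensRevoked = {
                Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop
            }
        }

        # Run every step even if an earlier one fails, and record what succeeded.
        foreach ($name in $steps.Keys) {
            try { & $steps[$name] | Out-Null; $result[$name] = $true }
            catch { $result.Errors += "${name}: $_" }
        }
        [pscustomobject]$result
    }
}
```

Running it with `-WhatIf` lists the accounts it would touch without changing them, and the returned object per user can be exported as an audit record of which steps completed.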