Apr 26 2018
06:11 AM
- last edited on
Feb 06 2023
03:46 AM
by
TechCommunityAP
Apr 26 2018
06:11 AM
- last edited on
Feb 06 2023
03:46 AM
by
TechCommunityAP
Hi all,
For a client i'm reviewing some client cases to use Office 365. One security issue we're facing is that Office 2016 can be installed on an unmanaged machine. Once the company user logges in with his/her O365 credentials they have the opportunity to add their O365 account to that unmanaged machine with the result that they can open Word (for example) without entering their O365 credentials. But connections to SharePoint and OneDrive are also restored by opening Word. So there is a potential risk that on a shared device like a home Windows 10 computer somebody else then the company worker can view files on SharePoint by opening Word 2016.
My question, is there an option to disable the feature of adding your O365 account to a Windows 10 client with the result that the O365 username and password are always required when opening an local installation of an Office 2016 app.
Apr 26 2018 09:28 AM
No. Office doesn't actually use username/password anymore, it uses a token that can remain valid for a loooong time with use and will allow the user to access Office 365 resource without requiring username/password. Technically, this is all stored on the client PC and you can remove the token, however for unmanaged machines this will not be an option.
What you can do instead is limit or even block logins outside of your network. There are different ways to achieve this, the easier will probably be to use Conditional access.