Jim Lloyd
My feedback
3,725 votes
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
Jim Lloyd supported this idea ·
201 votes · 10 comments · Office 365 Security & Compliance » Advanced Security Management
Jim Lloyd commented
Bump... I am new to this forum and am not sure if this pushes the post up the list in any way. But, I am posting to see if it does.
If you are one of those people who does not like coming up with a new 8-character password every 30, 60 or 90 days (whatever your policy is), consider this proposal! Consider the possibility of not changing a 10-character password for 6 months to a year... or a 12-character password for a year or two.
Office 365 is currently fixed to a minimum password length of 8 characters, and stops at 16. Most password managers default to 20, and can go higher. Both of these should be an option for admins.
Vote for my proposal to allow for raising the minimum password length to 10 or 12 characters! Vote for Luke's (see above link) proposal to allow for passwords longer than 16!
Jim Lloyd shared this idea ·
Add me to this list... Geo-Locking should be default in all Office 365 offerings. It is right up there with passwords longer than 16 characters.