My feedback

1. Block logins from other countries

   3,725 votes

   Vote Vote Vote

   Vote

   Sign in

   prestine

   Your name

   Your email address

   (thinking…)

   

   Password

   Sign in with: Facebook Google

   Forgot password?

   Create a password

   I agree to the terms of service

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   201 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…Flag idea as inappropriate…  ·  Delete…  ·  Admin →
   try this instead  ·  AdminScott Landry (Senior Program Manager, Microsoft Office 365) responded

   Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

   That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

   That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

   Jim Lloyd supported this idea  ·  Mar 4, 2019
   An error occurred while saving the comment
   Jim Lloyd commented  ·  Mar 4, 2019  ·  Edit…  ·  Delete…

   Add me to this list... Geo-Locking should be default in all Office 365 offerings. It is right up there with passwords longer than 16 characters.

   Save Submitting...

2. More Than 8-Character Minimum Password Requirement

   201 votes

   Vote Vote Vote

   Vote

   Sign in

   prestine

   Your name

   Your email address

   (thinking…)

   

   Password

   Sign in with: Facebook Google

   Forgot password?

   Create a password

   I agree to the terms of service

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   10 comments  ·  Office 365 Security & Compliance » Advanced Security Management  ·  Flag idea as inappropriate…Flag idea as inappropriate…  ·  Delete…  ·  Admin →
   An error occurred while saving the comment
   Jim Lloyd commented  ·  Oct 10, 2017  ·  Edit…  ·  Delete…

   Bump... I am new to this forum and am not sure if this pushes the post up the list in any way. But, I am posting to see if it does.

   If you are one of those people who does not like coming up with a new 8-character password every 30, 60 or 90 days (whatever your policy is), consider this proposal! Consider the possibility of not changing a 10-character password for 6 months to a year... or a 12 character password for a year or two.

   Office 365 is currently fixed to a minimum password length of 8 characters, and stops at 16. Most password managers default to 20, and can go higher. Both of these should be an option for admins.

   Vote for my proposal to allow for raising the minimum password length to 10 or 12 characters! Vote for Luke's (see above link) proposal to allow for passwords longer than 16!

   Save Submitting...
   Jim Lloyd shared this idea  ·  Oct 4, 2017