Feedback by UserVoice

Jim Lloyd

My feedback

  1. 3,663 votes
    200 comments  ·  Office 365 Security & Compliance

    Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

    That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

    Jim Lloyd supported this idea  · 
    Jim Lloyd commented  · 

    Add me to this list... Geo-Locking should be default in all Office 365 offerings. It is right up there with passwords longer than 16 characters.

  2. 191 votes
    Jim Lloyd commented  · 

    Bump... I am new to this forum and am not sure if this pushes the post up the list in any way. But, I am posting to see if it does.

    If you are one of those people who does not like coming up with a new 8-character password every 30, 60 or 90 days (whatever your policy is), consider this proposal! Consider the possibility of not changing a 10-character password for 6 months to a year... or a 12-character password for a year or two.

    Office 365 is currently fixed to a minimum password length of 8 characters, and stops at 16. Most password managers default to 20, and can go higher. Both of these should be an option for admins.

    Vote for my proposal to allow for raising the minimum password length to 10 or 12 characters! Vote for Luke's (see above link) proposal to allow for passwords longer than 16!

    Jim Lloyd shared this idea  · 
