506 votesJon Catt commented
Come on O365 team - stop forcing us to use a Shared Mailbox to accomplish this simplest of tasks. As an add-on to this missing "feature", why not connect the dots and allow the user to choose a relevant signature, which automatically changes the From: field to the relevant alias?
378 votes10 comments · Office 365 Security & Compliance » Advanced Security Management · Flag idea as inappropriate… · Admin →
Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blogpost (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.