We are working on adding this to the Partner Portal. In the meantime, the partner can access it by appending the customer’s domain to the URL, e.g., https://protection.office.com/contoso.com.
Now that MFA is being forced on us for admin accounts, it is time to address this concern. It is broken. I have technicians having to put dozens of MFA accounts on a single app.
And to top it off, you have to log in thtrough a private session. Your partner info will still be used to open the Security center and you'll be in your own organizations Security portal even though you logged in as the global admin of your tenant.
You truly must fix this mess...
This is something we weren't aware of, and took a support call to find out we weren't able to access it. This is becoming more and more difficult to manage our clients by requiring us to use an account on their tenant for these items, and it's changing, with the list growing, Fo partners who have multiple technicians, all of our technicians will now need access to a single account, and in the case of an audit, a tenant can point the finger at us (the partner), but we have no where to point. This is, in fact, a security lapse, not a more secure environment. If I'm logged in as a partner, I'm logged specifically into MY account, and any access is tracable directly to a single individual. This is not the case with the way it's being set up.
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
1,361 votestry this instead · AdminBarbara Feldon (Office 365 Customer Experience, Microsoft Office 365) responded
The purpose of the Office Deployment Tool is to provide this capability. Download the Office 2016 version from here: https://www.microsoft.com/en-us/download/details.aspx?id=49117.
The answer is to buy a Mac. You can do this if you own an Apple Mac, but you can't if you own MICROSOFT Windows. No, seriously....
I don't think you want this to be the answer, Microsoft, so you better get started fixing this instead of forcing people to run the Office Deployment tool. "Ain't nobody got time for that"
Buy a Mac. You can do this on Apple's Mac's, but you can't do this on MICROSOFT Windows. No, seriously.
I understand they have locked out the support portal because the quality of Office has drastically reduced. We're now beta testers. There is no access to the support teams because they're inundated with tickets. We're going to need the old system back and a discussion with management to effect change. This system is horrible.
This is now circular. There are 3 or 4 different suggestions that all are the same topic:
Give Enterprise Users Bookings
Please consolidate and/or just add it already? Thanks
Thanks, everyone, for taking the time to share your suggestions. We’d like to clarity, as some commenters have pointed out, that we do have AAD support for iOs today. Android and WP versions are in the works. Please stay tuned and keep your feedback coming!