- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe to Topic
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
APP Passwords - any way to restrict it to only those that need it?
We disable app passwords as we don't see a password that doesn't change as particular secure. Granted, it "should" be used only once and not written down anywhere....it will now be available to all users as a result of the changes we need to make in order to support MFA for certain applications and the new MS requirements. Is there any way to have app passwords only enabled for some accounts? (ie, these service accounts) Best of my knowledge, it is tenant-wide on or off.
Thanks.
- Labels:
-
CSP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
You are correct, this setting is tenant wide.
Unfortunately there is currently neither an option to restrict it per user (add your vote here) nor an option to identify all users that are using app passwords (feedback here).
However, it should be possible to get some info from AzureAD sign in reports - "MFA Auth Method" is a property that is reported and should contain info if app password has been used - by using filtering you could identify users, apps & devices. If I find some time I'll will try to test this
Janosch
Get consultations form Technical Presales & Deployment services team via https://aka.ms/technicalservices
