Security risk: Office 365 admin requires app PIN
Currently we are unable to apply a MAM policy to the Office 365 Admin app... as per: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-partners
There is a major security risk - as the O365 admin app does not prompt for authentication, nor does it allow you to apply an application PIN - which is usually applied via MAM policy settings.
If I put down my phone & someone manages to get access before the 5min time out on my device - they can open O365 Admin app & have admin access to all users \ groups in your tenant. We have 30,000+ users in our AD - so potentially could impact any or ALL of these 30,000 users.
We could simply put an app PIN on the O365 Admin app to force user to provide another authentication method to obtain
Hi, Ben, that is a great idea, and the people who would have to do that are on a different team. I know, I know, “one Microsoft” and all that, but we have to divide into teams efficient enough to get work done. Office 365 has a UserVoice site as well, https://office365.uservoice.com/. Specifically it sounds like you’d want this forum
And probably just vote for this existing idea
It only has one vote, but feel free to campaign for it.
Hi, Ben, I'm sorry you're frustrated. I didn't know you'd already called in about that, but this really is an app owned by another team. To save you keystrokes, I went ahead and created the item on the O365 site
I tweaked the title a bit to make it different than the one that currently asks for a PIN.
You can either click the link and vote for it there, or if you say it's OK, I can ask the O365 UserVoice admin to add you as a supporter, if you're OK with me giving her your email address. Up to you.
Again, sorry for the inconvenience.
Ben Hallawell commented
I find it frustrating that I have logged a fault \ request into this massive security risk to be told Microsoft will not be resolving this security risk associated with this application.
I was then told to submit the feedback via https://microsoftintune.uservoice.com/ - see attached.
Now I need to re-submit this request into another system - isn't it possible for you to transfer it to the other Microsoft team? Rather than me spend further time trying to increase the security of your products. I am no longer using the O365 Admin app as there is a major security risk at this point in time - so I will not be adding this as feedback onto another form as requested by you.
You mentioned I have to submit via another team - this once again is so annoying as a customer to have to log the same thing for the 3rd time with the same company now in order to provide the feedback your company should have sorted prior to release of the app.
This also makes me less likely in the future to submit this feedback - as I submitted it to the correct location - according to Geetanjali - and it just wastes so much time & effort. I have zero confidence that even if I log the fault on the link you provided (it's a fault & not feedback) any action will take place. Hence why if you transferred the feedback to the required team, then me as a customer may actually feel like Microsoft is working with me & not against me.
If your other helpdesk are telling customers to log feedback in the correct place - maybe further training for these staff members would be needed!