Paul Walsh

asked on

Accounts with Microsoft

Hi Experts,

If you have a business account in Microsoft, and this account is used across a few Microsoft platforms, do Microsoft treat the account as one entity?

For example, we currently synchronise our on site AD account to Microsoft Azure via AAD Connect. If one of these users uses their domain account to also sign up for another service that is hosted within Microsoft Azure, a separate tenancy for example, will any changes made to their on prem account, after it has synced to our Microsoft tenancy, also be reflected in the other tenancy as well, such as a password change? I.e. asuer@company.com is part of our AAD and these details have also been used to sign into another service, backed by Microsoft Azure, but not part of our subscription.

Kind Regards,
Paul

 
ASKER CERTIFIED SOLUTION
J0rtIT
Paul Walsh

ASKER

Hi Jose,

Many thanks for your response. Just to clarify then, if they used the same account for different Microsoft products, a change in one won't effect a change in the other, even if the username / email address has been used to sign into both Microsoft services?
Hi,

you can use the same email/account (and password) on many web sites, but it does not mean it is the same account.

In fact, if you use a Microsoft account, for example from a professional Office 365 tenant, you can access your tenant, which will validate your password/authentication. But you can also access all other web sites or other tenants that have authorized this Microsoft account. The authentication is always done with the initial identity.

Now, if you go on other websites, if you have to create an account, it will not be the same account, even if you use the same email address, and possibly the same password. Each account will have a different life.
Hi Deman,
Thank you for your reply. So if this Microsoft account was set up on a 3rd party Azure tenant and also tied to the company email address, and the company then set up its own Microsoft Azure account and synced this to on prem via AAD Connect, the Microsoft account will now use the login password from AD (as it has been synced) and will be allowed to authenticate to both the company tenant and this 3rd party tenant, and indeed any other tenant or web app backed by Microsoft that allows this account to be used. Is this correct? Is there any way to stop this and prevent company Microsoft accounts being used to authenticate to other services other than the company O365 tenant?

Thank you,
Paul
Hi,

So we have a user who signed up for a third party website using their company email. We have since found out that the 3rd party website is part of the third party's Microsoft Azure subscription.

We as a company have created our own O365 subscription, and synced this to our on-site AD, so that our users can use their company credentials to sign into O365. What I have found is the user who had used their company email to register on the third party's web app, after we synced the accounts using AAD Connect, now needs to use his company password to log into the third party. Essentially the account used for the third party, as it is a Microsoft account and the email address is the company address, is now using his company account credentials.

Is there any way we can prevent this in the future, or is it simply a matter of informing our users? It may be that we have other users that have signed up for Microsoft using their company email who find they can't log in to the Microsoft account anymore because the old password they used to use won't work, as the account now uses their company account password.
Cheers,
Paul
I think that, before, accounts were not managed.
Now, they are managed.

The choice of authentication is done "by domain". Now, the right place for this domain is your tenant where your users should know their passwords.