Sarkis Missakian

My feedback

  1. 289 votes

    25 comments  ·  Azure Active Directory » Azure AD Connect
    Sarkis Missakian supported this idea
    Sarkis Missakian commented

    We are using Pass-Through Authentication in Azure AD Connect, but I can confirm that if a user's account is set to expire, they are still able to access cloud resources (O365) if the session was saved in the browser ("Stay signed in").

    Everything I have read says that if Pass-through Authentication is used, this should not happen. I have set Password Hash to disabled, and Pass-through is enabled with 3 agents inside our network (on-prem domain-joined servers). If a user is connected directly to the LAN or connected to our VPN, the outcome is expected. But if a remote user is accessing O365 via web browser with no connection to the VPN, they are still able to access cloud resources in the browser long after the account expired. This only occurs if they have a saved session. If they try to initiate a new session by logging in, it is only then that the expected outcome occurs. They will receive "Your account is temporarily locked out to prevent unauthorized use".

    Why is Pass-through Authentication not working for us as expected?
