Technology

58303 readers

11 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

121

Microsoft is preparing to bring on Amazon as a customer of its 365 cloud tools in a $1 billion megadeal, according to an internal document (www.businessinsider.com)

submitted 1 year ago by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

Microsoft is preparing to bring on Amazon as a customer of its 365 cloud tools in a $1 billion megadeal, according to an internal document::Preparations for this huge cloud software deal mark a significant shift in the relationship between the two technology giants.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 26 points 1 year ago (7 children)

My company recently started using MS Authenticator for 2FA in our emails. At first I was pleased about the extra security. But the way they implemented it is so fucking bonkers I can’t even handle it.

When you log in, it tells you to check your phone. On your phone you have to enter your password, then wait about 10 seconds, use biometrics, then they show you a number, and then ask you to type that number - on your phone, the same fucking device they showed it to you. And if you miss the number flashing, the text box where you enter the number covers the number so you have to tap “I can’t see the number, hide this box”. Then, if you’re trying to check your email on mobile, you have to force quit Outlook because it won’t load new emails until it launches.

The worst part is that you lose your token two times a day. So you have to log in twice a day on every device you use. It’s such a hindrance to productivity it’s insane.

[–] [email protected] 15 points 1 year ago

That's pretty shitty implementation... By your IT department

[–] [email protected] 14 points 1 year ago (1 children)

Something is definitely wrong... or set up differently. I haven't had the need to use 2FA for Microsoft products on anything after the first time I sign in to a new device. Contact your IT department. They may be able to help you.

[–] [email protected] 4 points 1 year ago

This is company wide and countless complaints have been made.

[–] [email protected] 13 points 1 year ago (2 children)

That does not sound right. They should be promoting you to enter the number on the device where you initiated the authentication, not on your phone; at least that is how it works for me when I connect my company laptop to VPN - I have to use MS Authenticator on my phone, which shows a number (protected by two biometrics), which I then have to enter on my laptop.

[–] [email protected] 4 points 1 year ago (1 children)

No, OP is completely correct. It’s all down to how the company configures their MFA, but MS MFA will definitely show you a two-digit number on the system you initiated the auth on, and force you to type that on your Authenticator app.

I work with a vendor that has this setup and do this every day when accessing their systems.

Thankfully my own company doesn’t have the type a number stuff turned on.

[–] [email protected] 1 points 1 year ago

Yes you are right, that is how I have to do it - I got it the wrong way round in my previous post. I enter the numbers into the app on my phone.

[–] [email protected] 2 points 1 year ago

Yea thats a really bad implementation. We use 2FA at my work and its much less cumbersome than this.

[–] [email protected] 9 points 1 year ago (1 children)

Your IT department set it up wrong in your Microsoft tenant.

[–] kogasa 1 points 1 year ago* (last edited 1 year ago)

Hello, I'm an IT department and recently set this up for my organization. No, this is how Microsoft Authenticator works. The "enter the code shown on screen" thing for passwordless login is great, but it can't always detect that you're on the same device as the authenticator, so that's awkward. The authenticator app always requires biometric authentication, this is an application/client-side setting that has nothing to do with the tenant. The delay between submitting a request and receiving the code is obviously not configurable, and sometimes it is quite bad (up to 10 seconds). On Android I have had the experience where after switching from the authenticator (which opened as a modal) back to the primary app, I could no longer re-open the authenticator app and see the number again, so I had to wait quite a while for the next request to go through.

It is just a pretty awkward experience from a phone, this has nothing to do with the tenant configuration. It's smoother if you're authenticating with your phone on a different device and the authentication servers aren't feeling slow that day.

The only thing you CAN do as an IT admin is provide users alternative authentication options besides passwordless, including a standard 2FA code.

Edit: Oh fuck, you probably just meant the "authenticate twice a day" thing. Sorry. That's configurable. Whether or not it's appropriate really depends. It defaults to a much higher time period so evidently it's on purpose. But it does suck.

[–] [email protected] 1 points 1 year ago

We get the number on our device and the notification on mobile is right quick, so by the time you've unlocked your phone you click the notif, copy the number and done. That's not too unbearable.

[–] [email protected] 1 points 1 year ago

And if you decide not to use ms Authenticator every time you log in with a third party one it’ll recommend you to get it every time. Don’t sell me shit when I’m trying to securely log in.