Skip to Content.
Sympa Menu

assurance - [Assurance] Passwords and Office365

Subject: Assurance

List archive

[Assurance] Passwords and Office365


Chronological Thread 
  • From: Etan Weintraub <>
  • To: "''" <>
  • Subject: [Assurance] Passwords and Office365
  • Date: Wed, 6 Mar 2013 19:37:30 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport07.merit.edu; dkim=neutral (message not signed) header.i=none

Hi all-

We are in the process of implementing Office365 here at Hopkins, and based on the implementation guides, I had a question as to its impact on our ability to get Silver Assurance, so I figured I would ask here and see if anyone could give me an answer.

 

Basically, according to the information I can gleam, even using ADFS, at certain points (i.e. when using a mobile device to connect to the email service) the username and password are first sent to Microsoft servers, then back in to our environment and servers for authentication. Given that the username and password would be shipped securely (we are confirming that we can turn off all non-secure access points, but believe that it is available to do), but is “intercepted” and proxied through to our servers by the Microsoft servers, would this become an non-auditable point, and therefore potentially eliminate us from being able to get Silver?

 

-Etan E. Weintraub

Sr. Systems Engineer

Directory Architecture

IT@Johns Hopkins

Johns Hopkins at Mt. Washington

5801 Smith Ave.

Suite 3110B

Baltimore, MD 21209

Phone: 410-735-7945

E-mail:

 




Archive powered by MHonArc 2.6.16.

Top of Page