![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
Office 365 & Factory Shift use
Home › Forums › Admin IT Lounge › Office 365 & Factory Shift use
- This topic has 10 replies, 4 voices, and was last updated 6 months, 2 weeks ago.
Viewing 10 reply threads-
AuthorPosts
-
-
June 30, 2020 at 9:45 am #2276586
8string
AskWoody PlusI am helping a client of mine migrate from W7 to W10. Traditionally, they have had generic logins for groups of workers. (i.e. FooFighters). So the FooFighters could login at a break room and go to OWA and login to their email through there. They might also need to open a spreadsheet or word doc relating to their work. One login for them all.
Now, with the concerns of hacking etc, we have implemented Office 365 and W10 with MFA. However, many of these workers don’t usually carry cell phones, nor do we want to create a login for every single user. We would prefer another single login, “FooFighters” and allow a common desktop for all of them that are in the break room along with a single FooFighters group email for all of them.
Is there any reasonable way I am missing here to accomplish this? Would the MSFT “Guest Account” be the best way to implement this?
Thanks in advance.
AlB in PT
-
This topic was modified 6 months, 3 weeks ago by
8string.
-
This topic was modified 6 months, 3 weeks ago by
-
June 30, 2020 at 10:57 am #2276601
Susan Bradley
Da BossAdd a single Azure P1 to the account (go into subscriptions and you can add it) and you can add whitelisting to the static IP of the office. Thus for a kiosk computer that is physically located behind a static IP of the firm, it won’t be prompted for two factor.
BUT the account itself is protected by MFA so thus blocked from external access.
Susan Bradley Patch Lady
1 user thanked author for this post.
-
June 30, 2020 at 12:38 pm #2276642
mn–
AskWoody Loungerwe have implemented Office 365 and W10 with MFA. However, many of these workers don’t usually carry cell phones, nor do we want to create a login for every single user.
One thing with this though, check your license compliance… 365 really isn’t very nice for these cases. For shared computers, volume or retail licensed local MS Office is still often relevant.
Yeah, the P1 add-on is really useful for a lot of “special” usage cases.
-
June 30, 2020 at 3:15 pm #2276674
-
July 1, 2020 at 5:53 pm #2277059
alQamar
AskWoody_MVPthis scenario does not fit with the solution below: “many of these workers don’t usually carry cell phones”
otherwise:
Enable Modern Authentication (ADAL) in the tenant. Might not be enable by default.
Consider to provide them with Microsoft Authenticator App, enable MFA enforced on the single account in the tenant
save the recovery code in a safe central place that needs NOT the same MFA to login / authenticate
Everyone that needs to access / login can use MFA from Authenticator
What this means:
you have a quite high security with MFA for this group of users, Outlook 365 will not require MFA, using single sign on in best case (if configured via GPO / AD Sync etc)
you do not need application codes for O365 to circumvent MFA.
-
July 2, 2020 at 9:08 am #2277185
8string
AskWoody Pluswith all due respect, having worked with Authenticator, I prefer getting a text message. Having to open an app has seemed more frustrating than getting a text message. And when I changed phones (but not numbers) the hassle of recreating the Authenticator was frustrating. I swore I would never use it again if I could help it. Almost better to use a USB key.
-
July 2, 2020 at 9:33 am #2277187
mn–
AskWoody Loungerwith all due respect, having worked with Authenticator, I prefer getting a text message. Having to open an app has seemed more frustrating than getting a text message.
Oh well, YMMV.
Depending on other factors, SMS may not be sufficiently secure and reliable for all cases – the authenticator app is in theory a bit better.
Dedicated security device (USB key, smartcard, whatever) done correctly should be better, yes, but budgeting for those is another thing…
-
July 2, 2020 at 5:24 pm #2277352
alQamar
AskWoody_MVP“Dedicated security device (USB key, smartcard, whatever) done correctly should be better, yes, but budgeting for those is another thing…”
“I swore I would never use it again if I could help it. Almost better to use a USB key.”
I personally use Yubikey for passwordless authentication (-if you need more information I can recommend the blog of Michael Mardahl)
but this has high requirements (Azure Tentants only, does not work with Win 10 that are not azure AD joined. Costs are relative taking the risk of data loss or loss of productivity into account.
“Having to open an app has seemed more frustrating than getting a text message. ”
It has options to give you a popup so you don’t have to open it but choose from 3 numbers.“And when I changed phones (but not numbers) the hassle of recreating the Authenticator was frustrating.”
Microsoft Authenticator now offers a cloud based backup to your private / edu / work MS account, I can confirm it works. Have 15+ tokens in there for different services.
-
July 2, 2020 at 6:00 pm #2277357
-
July 2, 2020 at 6:02 pm #2277356
anonymous
GuestThanks I think I have a solution. There is a Yubikey that works without finger recognition. It is used mainly in server environments but might work for ours. We are not leaving AD anytime soon. So we’ll explore this option.
As to the Authenticator backup, I’ll have to look into that. Is there a link? Or is it a feature of certain versions of AD?
-
July 3, 2020 at 7:17 am #2277446
-
-
July 2, 2020 at 6:37 pm #2277363
-
-
AuthorPosts
Viewing 10 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
b on Zero day Windows 10 bug
12 minutes agoanonymous on Checking e-mail attachments with VirusTotal
38 minutes agomn-- on Checking e-mail attachments with VirusTotal
39 minutes agoPaul T on KB4598242 fails to install, in rollback loop 2021-01 cum upate
44 minutes agoPaul T on Copying Folder Names Into Excel
55 minutes agoSoulAsylum on Giving you the choice
56 minutes agoSusan Bradley on Giving you the choice
57 minutes agoCybertooth on Giving you the choice
1 hour, 5 minutes agoAlex5723 on Zero day Windows 10 bug
1 hour, 6 minutes agoAlex5723 on Zero day Windows 10 bug
1 hour, 9 minutes agoAlex5723 on Giving you the choice
1 hour, 19 minutes agoWCHS on Checking e-mail attachments with VirusTotal
1 hour, 19 minutes agoPaul on Copying Folder Names Into Excel
1 hour, 37 minutes agomn-- on Checking e-mail attachments with VirusTotal
1 hour, 37 minutes agob on Zero day Windows 10 bug
1 hour, 53 minutes agob on Checking e-mail attachments with VirusTotal
1 hour, 59 minutes agoKirsty on Giving you the choice
2 hours, 2 minutes agoMicrofix on Giving you the choice
2 hours, 6 minutes agowavy on Zero day Windows 10 bug
2 hours, 12 minutes agob on Mouse settings NOT preserved after reboot
2 hours, 13 minutes agowavy on Understanding Section 230
2 hours, 30 minutes agoMicrofix on Checking e-mail attachments with VirusTotal
2 hours, 32 minutes agob on Updates paused but not?
2 hours, 37 minutes agowavy on Giving you the choice
2 hours, 45 minutes agoWCHS on Zero day Windows 10 bug
2 hours, 47 minutes agoErik_S47 on Updates paused but not?
3 hours, 3 minutes agoanonymous on Mouse settings NOT preserved after reboot
3 hours, 35 minutes agoanonymous on Back to School App Spotlight: Nota Bene
3 hours, 37 minutes agob on Zero day Windows 10 bug
3 hours, 43 minutes agoBobT on Windows 7 ESU year two oddities
3 hours, 45 minutes ago
Recent Topics
-
Checking e-mail attachments with VirusTotal
40 minutes ago
-
Giving you the choice
56 minutes ago
-
outlook 365 emails not queueing
4 hours, 50 minutes ago
-
Need a Great Rules Add-in for Outlook 2019
7 hours, 7 minutes ago
-
Mouse settings NOT preserved after reboot
2 hours, 13 minutes ago
-
Apple News Wrap Up: January 17, 2021
4 hours, 32 minutes ago
-
Tasks for the weekend – January 16, 2021
10 hours, 49 minutes ago
-
Use Word to Create Awesome Signs
19 hours, 16 minutes ago
-
Zero day Windows 10 bug
12 minutes ago
-
KB4598242 fails to install, in rollback loop 2021-01 cum upate
44 minutes ago
-
Updates paused but not?
2 hours, 38 minutes ago
-
Security update for Secure Boot DBX can be skipped (KB4535680)
5 hours, 24 minutes ago
-
Copying Folder Names Into Excel
55 minutes ago
-
The iPhone Companion
1 day, 10 hours ago
-
Apple Tips : 9 tips to take control of your privacy on iPhone
1 day, 10 hours ago
-
Internet drops briefly
1 day, 10 hours ago
-
A Zero-day Windows 10 bug corrupts your hard drive on seeing this file’s icon
16 hours, 49 minutes ago
-
Windows 7 ESU year two oddities
3 hours, 46 minutes ago
-
Color Rendering in PowerPoint 2019 Export to Video Function
1 day, 23 hours ago
-
WiFi Security Alerts after moving from 1909 to 2004
1 day, 4 hours ago
-
The MacBook Pro pre-2016 is back
22 hours, 56 minutes ago
-
What Is the Latest Stable Version of Windows 10?
1 day, 3 hours ago
-
OOMA vs MagicJack
22 hours, 52 minutes ago
-
Want 7GB of extra disk space?
2 days, 7 hours ago
-
Windows 10X and its purpose
2 days, 10 hours ago
-
Neither Exchange nor GMail will connect
2 days, 2 hours ago
-
Tweaking spreadsheet data
6 hours, 44 minutes ago
-
Windows 10 Latest Patch: KB 4598242
6 hours, 38 minutes ago
-
Firefox Browser Replacement – Opera
3 days, 2 hours ago
-
Windows 10 Insider Preview build 20292 released to DEV Channel
2 days, 3 hours ago
Search for Topics
Recent blog posts
- Giving you the choice
- Tasks for the weekend – January 16, 2021
- Zero day Windows 10 bug
- Security update for Secure Boot DBX can be skipped (KB4535680)
- Windows 7 ESU year two oddities
- Attention partners: Microsoft really is coming for your clients this time
- January 2021 updates are here
- MS-DEFCON 2 – Get ready for January updates
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.