Outlook for iOS and Android supports hybrid Modern Authentication for on-premises mailboxes, which eliminates the need to leverage basic authentication. The information contained in this article only pertains to basic authentication. For more information, please see Using hybrid Modern Authentication with Outlook for iOS and Android.

Creating an account and protecting passwords

The first time the Outlook app for iOS and Android is run in an Exchange on-premises environment, Outlook generates a random AES-128 key. This key is known as the device key and is stored only on the user's device.

When a user logs on to Exchange with Basic authentication, the username, password, and a unique AES-128 device key are sent from the user's device to the Outlook cloud service over a TLS connection, where the device key is held in runtime compute memory. After verifying the password with the Exchange server, the Microsoft 365 or Office 365-based architecture uses the device key to encrypt the password, and the encrypted password is then stored in the service. The device key, meanwhile, is wiped from memory and never stored in the Microsoft 365 or Office 365-based architecture (the key is only stored on the user's device).

Next, when a user attempts to connect to Exchange to retrieve mailbox data, the device key is again passed from the device to the Microsoft 365 or Office 365-based architecture over a TLS-secured connection, where it is used to decrypt the password in runtime compute memory. Once decrypted, the password is never stored in the service or written to a local storage disk, and the device key is once again wiped from memory.

After the Microsoft 365 or Office 365-based architecture has decrypted the password at runtime, the service can then connect to the Exchange server to synchronize mail, calendar, and other mailbox data. As long as the user continues to open and use Outlook periodically, the Microsoft 365 or Office 365-based architecture will keep a copy of the user's decrypted password in memory to keep the connection to the Exchange server active.

Compliance considerations when sending passwords

Before you enable anything that allows for the transmission of passwords from your on-premises Exchange environment, be sure to consider the possible ramifications.
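The device-key flow described under Creating an account and protecting passwords, sketched as an added example (not Microsoft's code): a hypothetical SyncService keeps only ciphertext at rest and needs the device key on every connection. AES-128-GCM, the record layout and every name here are assumptions; the page states only that the device key is AES-128.

```javascript
// Added illustration of the device-key custody split; not Microsoft's implementation.
// Assumptions: AES-128-GCM mode, the stored record layout, all class/function names.
const crypto = require("node:crypto");

// Device side: random AES-128 key, generated on first run and kept only on the device.
function newDeviceKey() {
  return crypto.randomBytes(16);
}

// Hypothetical stand-in for the cloud service: persists ciphertext only.
class SyncService {
  constructor() {
    this.store = new Map(); // user -> { iv, tag, ct }; never a key or plaintext
  }

  // First logon: encrypt the (already verified) password, then drop the key.
  enroll(user, password, deviceKey) {
    const key = Buffer.from(deviceKey); // transient in-memory copy
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv("aes-128-gcm", key, iv);
    const ct = Buffer.concat([cipher.update(password, "utf8"), cipher.final()]);
    this.store.set(user, { iv, tag: cipher.getAuthTag(), ct });
    key.fill(0); // best-effort wipe of the transient copy
  }

  // Later connection: the device presents its key again; decrypt in memory only.
  connect(user, deviceKey) {
    const rec = this.store.get(user);
    if (!rec) return null;
    const key = Buffer.from(deviceKey);
    try {
      const d = crypto.createDecipheriv("aes-128-gcm", key, rec.iv);
      d.setAuthTag(rec.tag);
      return Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8");
    } catch {
      return null; // wrong or missing device key: authentication tag check fails
    } finally {
      key.fill(0);
    }
  }
}

// Constructed sample values.
const svc = new SyncService();
const deviceKey = newDeviceKey();
svc.enroll("alice@example.com", "constructed-sample-password", deviceKey);
console.log(svc.connect("alice@example.com", deviceKey) !== null);      // true: device key presented
console.log(svc.connect("alice@example.com", newDeviceKey()) === null); // true: stored blob alone is unusable
```

The sketch covers only storage at rest; while a session is active the service in the page's description holds the decrypted password in memory, which is the exposure the compliance section asks you to weigh.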