
Security risk in reusing a user's AD account when Microsoft 365 is federated to RM Unify
Published Date : 19 Feb 2015   Last Updated : 03 Oct 2024   Content Ref: TEC4409412  
Symptoms

You provision users into RM Unify via the AD Sync service and also have Microsoft® 365™ federated to RM Unify. Within your local AD you find an unused account, which has previously been used to provision an RM Unify and Microsoft 365 account and mailbox. You decide to overwrite the username, display name and possibly other AD attributes with the intention of reusing the AD account as opposed to creating a fresh AD account.

You log on to RM Unify using the AD credentials and access Microsoft 365 to find that you are accessing the mailbox and data of the previous holder of the AD account.


Cause

When users are provisioned to RM Unify using the RM Unify AD Sync service, a unique identifier (IdentityGUID) is taken from the AD account and used as a constant identifying value throughout RM Unify (where it is referred to as the PersonId) and the systems it provisions into, such as Microsoft 365 (where it is known as the ImmutableId).

Simply overwriting the username, display name, etc. does not change the identity of the AD account as far as RM Unify or Microsoft 365 is concerned; the IdentityGUID / PersonId / ImmutableId remains the same, so the "new" user is still linked to the previous holder's Microsoft 365 account and mailbox.
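One way to catch a recycled account before the next sync propagates it, added here as an example and not part of RM's article or tooling: compare two exports of the synced AD attributes keyed on the identity GUID and flag any GUID whose logon name and display name have both been rewritten. The field names, the export shape and the sample accounts are assumptions made for this example.

```python
"""Flag AD accounts recycled for a new person: the IdentityGUID (PersonId in
RM Unify, ImmutableId in Microsoft 365) is unchanged while the human-facing
attributes were rewritten."""
from dataclasses import dataclass

@dataclass(frozen=True)
class AdUser:
    guid: str          # IdentityGUID; carried through as PersonId / ImmutableId
    username: str      # logon name
    display_name: str

# Human-facing attributes compared between two exports (assumed field names).
WATCHED = ("username", "display_name")

def diff_by_guid(previous, current):
    """For each GUID present in both exports, list the watched attributes that
    changed. Returns {guid: [changed attribute names]}."""
    old_by_guid = {u.guid.lower(): u for u in previous}
    changes = {}
    for new in current:
        old = old_by_guid.get(new.guid.lower())
        if old is None:
            continue  # new GUID: RM Unify creates a fresh PersonId, as intended
        changed = [a for a in WATCHED
                   if getattr(old, a).casefold() != getattr(new, a).casefold()]
        if changed:
            changes[new.guid] = changed
    return changes

def classify(changed):
    """Logon name and display name both rewritten means a different person now
    sits behind the same ImmutableId, so the old mailbox would be handed over."""
    return "likely-reuse" if set(WATCHED) <= set(changed) else "review"

def report(previous, current):
    """Map each suspicious GUID to a verdict, for review before the next sync."""
    return {g: classify(c) for g, c in diff_by_guid(previous, current).items()}

# Constructed sample exports (not real accounts or GUIDs).
PREVIOUS = [
    AdUser("11111111-1111-1111-1111-111111111111", "jsmith", "Jane Smith"),
    AdUser("22222222-2222-2222-2222-222222222222", "abrown", "Adam Brown"),
]
CURRENT = [
    AdUser("11111111-1111-1111-1111-111111111111", "tlee", "Tom Lee"),  # reused
    AdUser("22222222-2222-2222-2222-222222222222", "abrown", "Adam Brown-Taylor"),
    AdUser("44444444-4444-4444-4444-444444444444", "pkhan", "Priya Khan"),  # new
]
```

A display-name-only change (a legitimate name change, for instance) is reported as "review" rather than "likely-reuse"; only a GUID whose logon name and display name were both replaced is treated as a handed-over account.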


Procedure

Reusing AD accounts in this way is strongly advised against: the new holder inherits the previous holder's Microsoft 365 mailbox and data, which is a serious breach of data privacy and security with possible legal ramifications.

RM Unify accounts should always be created from unique AD accounts that belong to the specified user and should never be reused for a different user.

